← All glossary terms Glossary

What is Identity Theft?

The fraudulent use of someone's personal information — to open accounts, make purchases, or impersonate them.

Identity theft is the fraudulent acquisition and use of someone's personal information — name, date of birth, social insurance number, banking details — to impersonate them for financial gain. For individuals it means fraudulent accounts and drained funds; for businesses it often follows a data breach, when the personal information you hold about customers or staff is stolen and abused. This is why protecting personal data is both a security and a legal obligation under laws like PIPEDA and Quebec's Law 25, and why fast breach detection limits the downstream harm.

  • Fraudulent use of personal data — name, SIN, banking details — to impersonate someone.
  • For businesses, it often follows a breach of customer or staff records.
  • A key reason protecting personal data is both a security and a legal duty.

En français

Vol d'identité

L'utilisation frauduleuse des renseignements personnels d'une personne — pour ouvrir des comptes, faire des achats ou l'usurper.

Le vol d'identité est l'acquisition et l'utilisation frauduleuses des renseignements personnels d'une personne — nom, date de naissance, numéro d'assurance sociale, coordonnées bancaires — pour l'usurper à des fins financières. Pour les particuliers, cela se traduit par des comptes frauduleux et des fonds détournés; pour les entreprises, cela découle souvent d'une atteinte aux données, lorsque les renseignements personnels que vous détenez sur des clients ou des employés sont volés et exploités. C'est pourquoi protéger les données personnelles est à la fois une obligation de sécurité et une obligation légale en vertu de lois comme la LPRPDE et la Loi 25 du Québec.

Identity Theft: frequently asked questions

What's the link between identity theft and data breaches?

Breaches are a primary source of the personal information used for identity theft. When customer or employee records are stolen, that data is sold and reused to open fraudulent accounts — which is why fast breach detection limits the harm.

How can a business reduce identity-theft risk?

Collect only the personal data you need, encrypt and restrict access to it, monitor for breaches, and have a tested response plan so any exposure is contained and reported quickly.

Want to talk through how this fits your environment?

Book a no-obligation consultation and we'll explain how this plays out for an organization like yours.

Talk to our team