Canadians are suffering too many leaks of personal data because private-sector companies don't take adequate precautions to protect the information, says the federal privacy commissioner.

In a report to Parliament, Jennifer Stoddart also says her office too often doesn't hear about breaches that could have a harmful impact on individuals.

Stoddart says there were just 34 voluntary reports of information leaks last year from the private sector, and disclosures by small and medium-sized companies were especially rare.

A House of Commons committee has recommended that reporting be made mandatory, and Industry Canada is working on a strategy to implement the proposal.

"I think it's extremely important," Stoddart said in an interview. "There's a trend around the world of privacy commissioners taking this stand (in favour of mandatory reporting)."

The move will require amendments to the Personal Information Protection and Electronic Documents Act, the federal law that governs the private sector. Stoddart said she hopes the Conservative government will be ready to table the revamped legislation by the fall.

The privacy commissioner's office received 350 new complaints from individuals in 2007, almost a third of them involving financial institutions.

The office tries to resolve complaints amicably, but Stoddart has the power to go to court when her recommendations are ignored.

The highest-profile investigation undertaken in 2007 centred on U.S.-based retailer TJX, where thieves tapped into company databases and stole credit- and debit-card information affecting millions of people worldwide, including customers of Winners and HomeSense stores in Canada.

Court cases arising from the breach are still under way in the United States, but Stoddart said she's satisfied that new procedures instituted by the company have brought it into compliance with Canadian privacy law.

She noted, however, that too many firms still fail to take "elementary security measures" such as installing reliable encryption software.

That problem can be compounded when well-meaning employees download information onto insecure laptops for work at home.

Other incidents reported to Stoddart include cases of data tapes missing in transit, improperly discarded paper records and misdirected faxes.