It was bad enough to learn last month that 60,000 customer names, addresses and phone numbers might have been stolen from the database of the 407 toll highway.

It was even more alarming that the data was allegedly used to target people for political gain by several Progressive Conservative candidates in the Ontario election.

The incident highlighted a significant gap in Ontario’s privacy laws: the province’s information and privacy commissioner doesn’t have the power to oversee how political parties collect and handle voters’ personal information.

The commissioner, Brian Beamish, is asking that the law be changed to give him that power. In his latest annual report, he notes that parties now have digital tools that allow them to amass personal information about voters and target them in ways never foreseen by current laws.

The incoming Ford government should make updating the province’s 30-year-old access and privacy laws to fix this problem a priority when it takes office at the end of June.

Beamish notes that harvesting personal information is “frequently undertaken without voters’ knowledge or consent.” But that isn’t the only problem he’s concerned about.

Read more: Apply privacy laws to Canadian political parties, committee recommends

The vast amount of personal information political parties amass from various sources is also vulnerable to cybersecurity threats and privacy breaches.

The threat that this data poses to privacy and democracy is real. The province should extend the authority of Beamish’s office to make sure it has the power to stop this increasingly harmful practice.