@QuantumPimp: I think you may be slightly "off" with where my position rests. While there is a certain amount of effort that needs to be made by each individual through various means (including those that you mentioned), it is not solely the responsibility of that person to ensure their privacy.
Where the "issue" of privacy violation comes in lies with the Freedom of Information and Protection of Privacy Act (FIPPA). In particular, FIPPA s.21(1) where it states:
21. (1) A head shall refuse to disclose personal information to any person other than the individual to whom the information relates except,
a) upon the prior written request or consent of the individual, if the record is one to which the individual is entitled to have access;
b) in compelling circumstances affecting the health or safety of an individual, if upon disclosure notification thereof is mailed to the last known address of the individual to whom the information relates;
c) personal information collected and maintained specifically for the purpose of creating a record available to the general public;
d) under an Act of Ontario or Canada that expressly authorizes the disclosure;
e) for a research purpose if,
(i) the disclosure is consistent with the conditions or reasonable expectations of disclosure under which the personal information was provided, collected or obtained,
(ii) the research purpose for which the disclosure is to be made cannot be reasonably accomplished unless the information is provided in individually identifiable form, and
the person who is to receive the record has agreed to comply with the conditions relating to security and confidentiality prescribed by the regulations; or
f) if the disclosure does not constitute an unjustified invasion of personal privacy. R.S.O. 1990, c. F.31, s. 21 (1).
The issue comes in whereas an IP address alone cannot identify the user who actually established the connection. For this reason, unless a court order were issued to force the disclosure by a company such as Distributel (among others) just forking out this information would constitute an unjustified invasion of privacy due to the lack of proof of who it was who physically initiated the connection.
The short version is, while there are some responsibilities that the end-user has to protect their own privacy, there are actually also some responsibilities that the provider has as well.