Canadian "Guidelines for Identification and Authentication"
These guidelines were released by the Canadian Privacy Comissioner, is a good document discussing both privacy risks and security threats:
Authentication processes can contribute to the protection of privacy by reducing the risk of unauthorized disclosures, but only if they are appropriately designed given the sensitivity of the information and the risks associated with the information. Overly rigorous authentication process, or requiring individuals to authenticate themselves unnecessarily, can be privacy intrusive.
And here’s a longer document published in 2004 by Industry Canada: “Principles for Electronic Authentication.”