Cyber security is a hot topic lately among governments, corporate boardrooms, and consumers. The latest companies to make the headlines with devastating hacks and security breeches were Ashley Madison, Visa and Target. Governments are scrambling to both keep up and move forward the measures to address the growing threats to cybersecurity.
There are approximately 27 million Canadian adults using the Internet with an average of 72 hours spent online each month. With so many Canadians conducting their daily activities online, it has never been more important that personal information is secure.
An American study showed that 1 in 5 Americans had personal information stolen from them online. Canadian Internet users conduct many of the same activities online as their American counterparts.
The Government of Canada has introduced the Digital Privacy Act, which updates the federal Personal Information Protection and Electronic Documents Act (PIPEDA). The Act sets clear rules regarding how personal information can be collected, used and disclosed. All amendments are now in effect except for those relating to the breach reporting regime. The latter will come into effect at a later date. Mandatory breach reporting will put more clarity into the number and size of breaches which, until now, have been difficult to estimate.
Under the Digital Privacy Act:
- Organizations must inform consumers when their personal information has been lost or stolen, ensuring that consumers can act to protect themselves online.
- Canadian businesses must disclose data breaches. Companies that cover up a breach, or that intentionally fail to notify affected individuals and the Privacy Commissioner, could face fines of up to $100,000.
- Companies need to use clear language when communicating to ensure that at-risk individuals fully understand the potential consequences of providing their personal information online.
- Changes are being made that recognize the need for businesses to use personal information to conduct normal everyday activities. Barriers are also being removed to enable the sharing of information when it is in the public interest, such as to detect financial abuse or to communicate with the parents of an injured child.
- The Privacy Commissioner of Canada has improved powers to enforce compliance, making the Office of the Privacy Commissioner more flexible and effective in protecting the rights of Canadians in the ever-changing digital world.
It is crucial for Canadian businesses of all sizes to develop comprehensive policies to protect the personal information they are trusted with.
Being diligent with personal data will also decrease the chance your business will make the headlines as the next big data breach.
Data protection is also better for the bottom line. Securing personal information up front is far less expensive than cleaning up the mess after the fact. The cost of responding to a data breach is 15 times the cost of encrypting the data in the first place, according to an estimate by the U.S.-based research company, Gartner.
What can businesses do to guard against identity theft? Manawa Networks provides a comprehensive set of network security services for businesses of all sizes. To learn more visit our IT Security Services page