Sysoft Helps Leaders Understand Concerns About Data Privacy in Toronto Businesses

Data Privacy In Toronto (Insights/Information)

Many companies in Toronto underestimate the impact of a lack of cybersecurity as it applies to privacy issues throughout Canada.

Privacy issues have been a hot topic in recent months and any breach of privacy impacts a business’s bottom line especially when malicious malware infects their computer network. If hit with a breach, a business will incur heavy costs such as third party compensation, customer compensation, legislative fines, penalties, loss of profits, and in worse case scenarios, legal defense costs and shareholder litigation.

The Office of the Privacy Commissioner of Canada (OPC) recently released a survey of Canadian businesses that highlighted some interesting results of the latest privacy-related issues. Key findings include:

  • Only one-third of Canadian businesses incorporate some of the guiding principles in their privacy practices.
  • Half or more of Canadian businesses have implemented most of the privacy compliance practices.
  • Many Canadian businesses have a high level of awareness of their responsibilities under Canada’s privacy laws.
  • Company size (more than 100 people) continues to be the strongest predictor of a company’s privacy practices.

In saying this, Canadas privacy breaches are on the rise because business leaders are not taking appropriate measures to protect the personal data of their employees, customers, and vendors.

Data Privacy in Toronto Businesses

What Is A Privacy Breach?

A privacy breach occurs when an individual’s personal information is, collected, accessed, and used without their permission. A privacy breach can also occur if disclosed to a third party in contravention of applicable privacy legislation or a companies privacy policy.

The term “Personal Information,” is defined differently according to different statutes, and is considered to be the cornerstone of most privacy laws.

Personal information refers to information that can identify an individual including personal information such as an individual’s home address, telephone number, age, marital status; education, health, employment, or criminal history. It also includes personal information such as ethnic origin, nationality, colour, religion, blood type; and sexual preference or political affiliation.

Privacy Breaches Can Be Devastating

What makes the release of personal information so damaging is when cybercriminals obtain personal identification numbers listed on a driver’s license, credit card, or a bank account to commit identity fraud and gain unauthorized access to an individual’s finances.

Identity theft and financial loss have been recognized as the two fastest-growing crimes throughout Canada.

Intentional breaches of privacy also occur through the manipulation and abuse of technologies by hackers to gain access to repositories that are commonly used by businesses to store personal information. These intentional breaches are malicious and consist of a deliberate attempt to access, collect, and use an individual’s personal information with the intent to commit a crime.

Businesses Are Equally Culpable for a Privacy Breach

If a business suffers an intentional or unintentional breach they are equally culpable for the breach for contravening Canada’s privacy laws even if the breach does not lead to fraud. Therefore it is critically important for businesses to understand what their obligations are when it comes to the handling of personal information as it pertains to the law.

Breaches Can Be Very Costly

Not only does a privacy breach affect the bottom line with potential fines, penalties, and compensation, there is a hidden cost that most businesses forget to consider, and that is the loss of goodwill. Customer loyalty suffers from the resulting bad publicity which can take years to overcome. While it’s easy to quantify hard costs, it’s very difficult to estimate the soft costs emanating from a breach that could have long-lasting effects for years.

The Largest Data Breaches In History

Canadian businesses may think that data breaches that occur outside Canada, doesn’t affect them. Consider how many Canadians have a Yahoo account, stay in Marriott hotels, have a Facebook account, and play games online.

  • In December 2016, Yahoo announced that up to 3 billion records were hacked and in April 2019 agreed to pay $117.5 million dollars in a class-action lawsuit.
  • River City Media, an email marketing company made headlines for leaking 1.4 billion records in 2017 due to an improper configuration of a backup that placed their entire database online.
  • Veeam had 45 million records hacked in 2018 due to human error when one of its marketing databases was left visible for about ten days containing the names, email addresses, and IP addresses of their customers.
  • The Marriott (Starwood) reported 383 million records were hacked in 2018. Over 500 million accounts were compromised containing the names, addresses, contact details, and passport numbers.
  • Zynga had 218 million records hacked in 2019. In addition to log-in credentials, hackers accessed usernames, email addresses, log-in IDs, some Facebook IDs and phone numbers, of 218 million customers who installed iOS and Android versions of their Draw Something and Words with Friends Games before Sept. 2, 2019.

What is even more disturbing is that these larger organizations have cybersecurity experts on staff and yet were subject to a breach of privacy.

Reporting of Data Breaches

Reporting a data breach is required by the law. The Personal Information Protection and Electronic Documents Act (PIPEDA) sets out time deadlines to notify customers and a Real Risk Of Substantial Harm (RROSH) test.

Some contracts have clauses in them, which makes it obligatory to disclose any data incidents. From a moral and ethical viewpoint, letting your customers and or employees know you have been subject to a data breach at least allows them to take steps to immediately protect themselves against identity fraud and financial loss.

If you fail to report a data breach under the privacy laws PIPEDA and PHIPA (Personal Health Protection Act) can demand up to $500,000 from a business involved in a data breach.

Resources to Consider

Canadians are becoming more concerned about the safety of their personal data and expect businesses to handle their information with care.

When it comes to personal information, The Office of the Privacy Commissioner of Canada has easy to follow guidelines for businesses. These links will help your organization not only comply with privacy laws, but it will also help you learn about how to improve the handling of personal data.

Prevention Is Always Better Than a Cure

Prevention is always better than a cure which is where Sysoft, the leading IT Managed Services Provider in Toronto can help. Not only do they keep your business technology running as efficiently as possible, but they are also experts when it comes to cybersecurity.

Without the right level of security, you run the risk of putting your relationship with your clients at risk. For an obligation-free assessment of your current levels of security, call the Sysoft experts at 416-410-7268 or via email to info@sysoft.ca.