Many companies in Toronto underestimate the impact of a lack of cybersecurity as it applies to privacy issues throughout Canada.
Privacy issues have been a hot topic in recent months, and any breach of privacy impacts a business’s bottom line, especially when malware infects its computer network. If hit with a breach, a business will incur heavy costs such as third-party compensation, customer compensation, legislative fines, penalties, loss of profits, and, in worst-case scenarios, legal defense costs and shareholder litigation.
The Office of the Privacy Commissioner of Canada (OPC) recently released a survey of Canadian businesses that highlighted some interesting results of the latest privacy-related issues. Key findings include:
In saying this, Canada’s privacy breaches are on the rise because business leaders are not taking appropriate measures to protect the personal data of their employees, customers, and vendors.
A privacy breach occurs when an individual’s personal information is collected, accessed, and used without their permission. A privacy breach can also occur if the information is disclosed to a third party in contravention of applicable privacy legislation or a company’s privacy policy.
The term “Personal Information” is defined differently according to different statutes and is considered to be the cornerstone of most privacy laws.
Personal information refers to information that can identify an individual, such as an individual’s home address, telephone number, age, marital status, education, health, employment, or criminal history. It also includes ethnic origin, nationality, colour, religion, blood type, and sexual preference or political affiliation.
The release of personal information is so damaging because cybercriminals can use personal identification numbers listed on a driver’s license, credit card, or bank account to commit identity fraud and gain unauthorized access to an individual’s finances.
Identity theft and financial loss have been recognized as the two fastest-growing crimes throughout Canada.
Intentional breaches of privacy also occur through the manipulation and abuse of technologies by hackers to gain access to repositories that are commonly used by businesses to store personal information. These intentional breaches are malicious and consist of a deliberate attempt to access, collect, and use an individual’s personal information with the intent to commit a crime.
Whether a business suffers an intentional or unintentional breach, it is equally culpable for contravening Canada’s privacy laws, even if the breach does not lead to fraud. Therefore, it is critically important for businesses to understand what their obligations are under the law when it comes to the handling of personal information.
Not only does a privacy breach affect the bottom line with potential fines, penalties, and compensation, but there is also a hidden cost that most businesses forget to consider: the loss of goodwill. Customer loyalty suffers from the resulting bad publicity, which can take years to overcome. While it’s easy to quantify hard costs, it’s very difficult to estimate the soft costs emanating from a breach, whose effects could last for years.
Canadian businesses may think that data breaches that occur outside Canada don’t affect them. Consider how many Canadians have a Yahoo account, stay in Marriott hotels, have a Facebook account, and play games online.
What is even more disturbing is that these larger organizations have cybersecurity experts on staff and yet were subject to a breach of privacy.
Reporting a data breach is required by law. The Personal Information Protection and Electronic Documents Act (PIPEDA) sets out deadlines to notify customers and a Real Risk Of Substantial Harm (RROSH) test.
Some contracts have clauses that make it obligatory to disclose any data incidents. From a moral and ethical viewpoint, letting your customers and/or employees know you have been subject to a data breach at least allows them to take steps to immediately protect themselves against identity fraud and financial loss.
If you fail to report a data breach under the privacy laws, PIPEDA and PHIPA (Personal Health Protection Act) can demand up to $500,000 from a business involved in a data breach.
Canadians are becoming more concerned about the safety of their personal data and expect businesses to handle their information with care.
When it comes to personal information, the Office of the Privacy Commissioner of Canada has easy-to-follow guidelines for businesses. These links will help your organization not only comply with privacy laws but also learn how to improve the handling of personal data.
Prevention is always better than a cure, which is where Sysoft, the leading IT Managed Services Provider in Toronto, can help. Not only do they keep your business technology running as efficiently as possible, but they are also experts when it comes to cybersecurity.
Without the right level of security, you put your relationship with your clients at risk. For an obligation-free assessment of your current levels of security, call the Sysoft experts at 416-410-7268 or email info@sysoft.ca.