It has been a full year since Canada launched mandatory data breach reporting. Here is what businesses need to know as well as statistics.
Starting November 1st, 2019, all Canadian businesses became subject to new mandatory cyber security breach reporting regulations. This is all under The Office of the Privacy Commissioner of Canada federal private sector privacy law better known as the Personal Information Protection and Electronic Documents Act (PIPEDA).
All organizations are subject to Personal Information Protection and Electronic Documents Act (PIPEDA). They are required to report any cyber security breaches to The Office of the Privacy Commissioner of Canada. This would be regarding security safeguards involving personal information that pose a real risk of significant harm to individuals. Organizations that have been affected all are required to notify affected individuals about those cyber security breaches as well as keep all records of all cyber security data breaches within the organization.
Prior to the mandatory data breach reporting, all data breach reporting to The Office of the Privacy Commissioner of Canada was done on a 100% voluntarily basis.
Starting November 1st, 2019, the number of cyber security data breach reports has skyrocketed in Canada. This gives the public complete transparency and trust that organizations are being held accountable. Some of the recent mandatory cyber security breaches have included some well-known corporate names however there has been a significant increase in volume from the small- and medium-sized business (SMB) market.
According to a recent CTV News report, 19 million Canadians have had their data breached in eight months. Of the 446 breaches reported to The Office of the Privacy Commissioner of Canada (OPC), approximately 59 per cent were a result of unauthorized access such as a hacker or phishing scam. Another 22 per cent were from accidental data breach data disclosures such as information being sent to the wrong person. Approximately 13 percent of mandatory data breach reports were from loss of data such as a loss of a USB drive. Finally, 6 percent was the result of a physical theft of things like computers, drives, or even paper files.
Since November 1st, 2018, there have been approximately 680 cyber security breach reports. This is an increase of six times the volume during the same period one year earlier. The recent reports have revealed a clear picture of the challenges faced by Canadian businesses when it comes to cyber security.
According to those reports, the number of Canadians affected by a data breach is well over 28 million. That number includes some of the large data breaches including Desjardins and Capital One.
Here are some important steps to reduce data privacy breach risks:
- Where is your Information located?
It is important to know what personal information you have, where it is located, and what you are doing with it. You need to understand your data before you can protect it from a data cyber security breach.
- What are your vulnerabilities?
It is important that organizations conduct risk and vulnerability network assessments at a minimum on their organization. An additional step can be to do a penetration test within your organization to ensure that cyber threats to privacy are identified and fixed immediately. This goes beyond technical vulnerabilities as you should look at safeguards, risks, and privacy responsibilities.
- Do you know about your industry?
Do you watch your industry for data breaches or cyber security risks? You should be aware of data breaches in your industry. Hackers often re-use the same cyber-attacks against multiple organizations within the same industry. You need to pay attention to alerts and other information from your industry, so you are not the next target.
Mandatory data breach reporting has shown much more interesting information including a significant rise in cyber security data breaches affecting a small number of individuals.
Another interesting trend has been employee snooping and social engineering as key factors. Approximately one in four cyber security incidents involved social engineering attacks such as phishing and impersonation.
Our complimentary network and security assessment can put your IT infrastructure and business to the test.
Going to the cloud or worried about security? We are your leading Cloud Services Providers Toronto and Managed Security Services Toronto.
365 iT SOLUTIONS is Toronto’s leading IT consulting boutique firm offering industry leading IT solutions including Managed IT Services, IT Support Services, IT Outsourcing Services, Tech Support Services and Cloud Services.
