
Data breaches increase in Canada


OTTAWA—The number of data breaches in Canada reported so far in 2008 is outpacing last year's figure, with many of the breaches caused by companies failing to take basic steps to protect personal information, according to Canada's federal privacy commissioner.

The Office of the Privacy Commissioner has received 21 voluntary breach reports in the first five months of 2008 compared with 34 reports of breaches in 2007, according to Privacy Commissioner of Canada Jennifer Stoddart's annual report on the Personal Information Protection and Electronic Documents Act. The agency received 20 reports of data breaches in 2006.

"While the increased number of reports is a positive sign, it's clear we still aren't hearing about every breach which could have a harmful impact on people," the commissioner said in a statement. The agency is supporting a proposal to introduce mandatory breach notification.

Many companies need to do more to prevent "inexcusable security breaches," such as cases in which personal information was compromised because a company did not implement "elementary" security measures such as encryption on laptops, the commissioner said.

In 2007, almost nine in 10 Canadians affected by these breaches had their personal information compromised because it was held in an electronic format that was either not secured or lacked adequate protection mechanisms such as firewalls and encryption, according to the commissioner's report. Other breaches occurred because employees did not follow established company practices, which companies can address by providing ongoing privacy training.

"It's clear that organizations of all sizes can and must do more to prevent data leaks," Ms. Stoddart said in her report.

PIPEDA establishes ground rules for how organizations collect, use and disclose the personal information of both customers and employees.

The Office of the Privacy Commissioner received 350 new PIPEDA complaints in 2007, with almost one-third of complaints involving financial institutions. That figure declined from 2006, when 424 complaints were filed.

The agency attributed the decline to a streamlined process that addresses all complaints of a similar nature under one complainant, unless a complainant wants to file separately.