28M Canadians Affected by Data Breaches Last Year

Last year, Canada implemented mandatory data breach reporting. Before then, it had been optional for companies to report if they had suffered a data breach. Since the change in law, data breach reporting has “sky rocketed,” experts say.

The new mandatory data breach reporting was implemented on Nov. 1, 2018. Under the new law, companies are required to inform customers as well as the Office of the Privacy Commissioner (OPC) of Canada when a data breach occurs.

Global News notes that the new law change specifically requires Canadian businesses to report “any breaches of security safeguards involving personal information that pose a real risk fo significant harm to individuals.”

The penalties for not complying with the law are steep, reports Global News. Fines can be up to $100,000 for every time an individual is affected by a data breach that is not reported, if the Canadian government prosecutes a case of an unreported breach.

Between Nov. 1, 2018 and Oct. 21, 2019, there have been 680 Canadian data breaches reported. According to the OPC, taken together, these data breaches may affect around 28 million people. The total population of Canada was around 37.5 million in July 2019, says Global News, meaning the data breaches may affect the majority of Canadians.

The OPC called these numbers “staggering,” noting that the 680 reported data breaches represented six times the number of data breaches reported during the same time last year.

Additionally, the Office of the Privacy Commissioner says that the data breaches affected companies from large, well-known companies to small ones. Some of the data breaches were reportedly quite small — even affecting just one person through a targeted attack. Reportedly, these targeted data breaches were present in a significantly higher number than previously reported.

However, some of the data breaches were quite large, and exposed a range of sensitive information. Reportedly, 54 data breaches were caused by stolen documents or computers that were used to implement the breach. 81 breaches possibly disclosed information through the loss of files, whether paper or digital.

147 data breaches were reportedly the result of accidental disclosure of information, which occurred through a range of occurrences, including information sent to the wrong person, or left unattended.

397 data breaches, or 58 percent of the breaches, were caused by “unauthorized access” to information by employees or third parties attempting to wrongfully gain information.

Brent Homan, the Deputy Privacy Commissioner for the OPC worries that these 680 breaches “could be the tip of the iceberg,” noting that the flood of reports received this year “could be an indication of a larger problem than has been reported,” quotes IT World Canada.

Homan and the OPC advise executives to be aware of how data breaches occur, and to implement policies that can help prevent data breaches. Proper policy and security measures can help protect employees, customers, and the company. One way that companies can best prevent data breaches is to keep abreast of industry trends in how data breaches are occurring or how companies are preventing them, says IT World Canada.

Lawsuits have already been filed this year over data breaches that plagued Canadian consumers, including a Nissan Canada data breach class action lawsuit and a Canada Desjardins class action lawsuit.

Have you been affected by a recent data breach? Let us know in the comments below.

Read More Lawsuit & Settlement News:

Canada Red Bull Class Action Settlement Website is Established

Philadelphia Educator Diagnosed With Mesothelioma Asbestos Cancer

Canada Inuit, Métis, First Nations Day Schools Abuse Settlement Website Active

Is Johnson & Johnson Baby Powder Safe?