Table of Contents Table of Contents
Previous Page  10 / 89 Next Page
Show Menu
Previous Page 10 / 89 Next Page
Page Background

Annual Report to Parliament 2014-2015 – Report on the

Privacy Act

Guarding against breaches and preventing

privacy violations can be a challenge that we

do not want to minimize. However, given

that Canadians are required to provide very

sensitive information to federal departments

and agencies, the government’s duty of care is


Many institutions have made some strides to

better protect personal information. This said,

the over 250 data breaches reported to our

Office during the reporting period, some of the

investigations we summarize in this report and

the results of our audit into the management

of portable storage devices suggest there is still

much room for improvement.


Data breaches diminish both the control

individuals have over their personal

information, as well as their confidence in

institutions with which they entrust it. With

our feature in chapter four, this report takes

a close look at some of the more significant

breaches, how they happened, and the

responsible institutions’ efforts to respond

to these incidents and help prevent similar

incidents from happening in the future.

The past year was the first in which the

Treasury Board President’s revised directive

on data breach reporting required institutions

to report “material” breaches of personal

information to both our Office and Treasury

Board of Canada Secretariat (TBS).

Mandatory reporting is an important

step forward. As noted in previous annual

reports, when reporting was voluntary, it was

impossible to know whether the significant

increases we were seeing in recent years

indicated that there were more data breaches

occurring, or whether institutions had simply

been more diligent in reporting.

Having nearly a full fiscal year of institutions

operating under the new requirements,

we are starting to gain better insight into

federal breaches, which should provide a

clearer baseline for comparison in the future.

Understanding why and how breaches occur,

how to guard against them, and how to

mitigate the risk to Canadians when they do

happen was a major focus for the Office over

the past year and will remain so going forward.

While we did see some cases where network

vulnerabilities and technological glitches

led to the disclosure of Canadians’ personal

information, our review of data breaches

reported during 2014-2015 found that—as

in previous years—accidental disclosure, a

risk which can often be mitigated by more

rigorous procedures, was the leading cause. In

fact, accidental disclosure was by far the largest

category of data breaches, representing 73

percent of the total number reported.

Knowing that nearly three quarters of breaches

could have been prevented with greater care

is a concern. It shows that institutions are still

suffering breaches stemming from misdirected