News release

Survey suggests business concern over data breaches decreasing

GATINEAU, QC, May 31, 2018 – Despite numerous high-profile data breaches in recent years, half of Canadian executives say they have low or no concerns about a potential breach involving their own business, a new survey has found.

“The low level of concern amongst some businesses is surprising given the significant number of major breaches we see occurring,” says Daniel Therrien, Privacy Commissioner of Canada. “The risk of a breach is an issue every business that collects and uses personal information must be alert to. Breaches can have negative consequences for affected individuals, but also for the organization, including, for example, loss of consumer trust.”

According to the survey, which was commissioned by the Office of the Privacy Commissioner of Canada to better understand the privacy awareness and practices of businesses, only four in 10 have policies or procedures in place in the event of a breach involving customer personal information—a number that remains unchanged since 2015.

In fact, concern over data breaches has actually decreased among Canadian businesses, with the proportion of executives not concerned rising to 50 percent in the most recent survey from 44 percent in 2015.

Meanwhile, surveys of individual Canadians suggest that consumer concern about privacy breaches is very high – with most Canadians (85%) saying that news reports about privacy breaches affected their willingness to share personal information.

Commissioner Therrien noted that new federal regulations on data breach reporting and notification will come into force in November, a step he hopes will help raise business awareness.

“In addition to taking steps to reduce the risk of a breach, businesses need to know how to respond appropriately should an incident occur. That includes knowing the legal requirements for reporting breaches to my office and notifying affected individuals.”

The OPC survey also found that small businesses had lower levels of awareness of their privacy responsibilities than larger organizations, with 43% of small businesses indicating awareness versus 64% of large organizations (100+ employees).

The Office of the Privacy Commissioner of Canada is shifting the balance of its activities towards greater pro-active efforts with the objective of having a broader and more positive impact on the privacy rights of a greater number of Canadians.

This effort includes emphasizing work to inform individuals of their rights and how to exercise them, and to guide departments and organizations on how to comply with their privacy responsibilities. This involves an additional focus on small businesses given their lower levels of awareness.

As well, the Commissioner is seeking a number of legislative changes to strengthen Canada’s federal privacy laws. This would include, for example, providing his office with the power to enter an organization and independently confirm that the principles in federal privacy laws are being respected – even if a violation of law is not suspected.

The survey of 1,014 Canadian businesses was conducted October 27 to November 30, 2017. Based on a sample of this size, the results can be considered accurate to within plus or minus 3.1%, 19 times out of 20.

About the Office of the Privacy Commissioner of Canada

The Privacy Commissioner of Canada is mandated by Parliament to act as an ombudsman and guardian of privacy in Canada. The Commissioner enforces two laws for the protection of personal information: the Privacy Act, which applies to the federal public sector; and the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s federal private sector privacy law.

Related content

- 30 -

For more information, please contact:

communications@priv.gc.ca

Report a problem or mistake on this page
Please select all that apply (required): Error 1: This field is required.

Note

Date modified: