One year after Canadian businesses became subject to mandatory data breach reporting, the country’s federal privacy watchdog says reports of breaches have dramatically increased, with their figures suggesting more than 28 million Canadians have been affected by a data breach in the past year.
“Since reporting became mandatory, we’ve seen the number of data breach reports skyrocket,” the Office of the Privacy Commissioner of Canada (OPC) said in a blog post on Thursday.
“Some of those reports have involved well-known corporate names, but we have also seen significant volumes coming from small- and medium-sized businesses.”
The OPC is an arm’s-length parliamentary body that enforces Canada’s Privacy Act and the country’s federal private sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA).
Last November, the rules changed so that reporting data breaches was no longer voluntary for organizations subject to PIPEDA.
As of Nov. 1, 2018, Canadian businesses are required to inform customers as well as the OPC if there are ever “any breaches of security safeguards involving personal information that pose a real risk of significant harm to individuals.”
The penalty for not reporting includes fines up to $100,000 for each time a person is impacted by a breach, if the Canadian government pursues prosecution of a case.
A year later, the OPC says it has received 680 data breach reports between Nov. 1, 2018 and Oct. 31, 2019 — “six times the volume we had received during the same period one year earlier.”
“It’s a staggering increase and higher than we had anticipated,” the OPC said.
“Those 680 reports indicated that the total number of people affected by those breaches was over 28 million,” said OPC spokesperson Valerie Lawton in an email to Global News.
Source: Read Full Article