Home Governance Data Breach Reports Increase in Canada after Privacy Law

Data Breach Reports Increase in Canada after Privacy Law

Canada Revenue Agency Shut Down Services after Cyberattacks

The number of reported data breaches in Canada increased by six times after the country implemented a new breach-reporting regulation.

The new regulation, the Personal Information Protection and Electronic Documents Act (PIPEDA), went into effect on November 01, 2018. As per the regulation, Canadian companies are required to report all the details of data breaches that occurred within the organization. They also need to notify affected individuals and keep records of all data breaches.

According to the Office of the Privacy Commissioner of Canada’s report, around 680 security breach reports, which is six times the volume received during the same period one year earlier, were received since November 01, 2018. It’s said that the number of Canadians affected by a data breach is more than 28 million, in which 58 percent of reported breaches involved unauthorized access.

“Since reporting became mandatory, we’ve seen the number of data breach reports skyrocket. Some of those reports have involved well-known corporate names, but we have also seen significant volumes coming from small- and medium-sized businesses,” the report stated. “We have seen a significant rise in reports of breaches affecting a small number of individuals – often just one and sometimes through a targeted, personalized attack.  This is the correct approach to reporting: there can be a risk of significant harm even when only one person is affected by an incident.”

Cybersecurity experts have opined the Canadian government isn’t doing enough to protect businesses and consumers from data breaches.

A recent survey from Keyfactor, a provider of secure digital identity management solutions, revealed that 87 percent of surveyed cybersecurity pros think that more privacy and security legislation is required to better protect Canada’s businesses and consumers.

According to the survey, 58 percent of respondents think regulators and the Canadian officials are not trying to regulate the security guidance on measures like data encryption. The survey also highlighted that 50 percent of respondents stated that manual and complex processes as their greatest challenge in managing Public Key Infrastructure (PKI) while 43 percent of respondents were concerned about their ability to securely adopt DevOps, cloud, and IoT.