By Michelle Johnston, CIPM, CIPP/US – Compliance Privacy Officer at CSR Privacy Solutions, Inc.
Businesses subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) are required to report to the Office of the Privacy Commissioner of Canada (OPC) any breach of security safeguards involving personal information that poses a risk of significant harm.
In addition to the requirement to report breaches of security safeguards, businesses must keep and maintain, for a minimum of two years, a record of every breach of security safeguards involving personal information in their possession. The OPC has the authority to proactively inspect these records.
The OPC’s analysis resulting from the past year’s mandatory breach reporting revealed that 58% of reported breaches involved unauthorized access. One in five data breaches involved accidental disclosure — documents containing personal information were provided to the wrong individual.
Some challenges faced by Canadian businesses resulted from third parties collecting personal information on their behalf without appropriate safeguards, and from employees who were not aware of privacy risks and their privacy responsibilities. Each of these scenarios led to a breach.
The OPC provided tips to reduce privacy breach risks, such as:
These details and more information on this topic can be found on the OPC's published blog at https://www.priv.gc.ca/en/blog.
CSR Privacy Solutions, Inc. can ease the tension small to medium size businesses (SMB) may feel with implementing and keeping up to date with necessary policies and procedures. It is literally privacy made simple, with a focus on risk awareness, avoidance and evaluation. CSR Readiness® Pro is an award-winning bundle of privacy solutions that businesses use to mitigate the risk of data breach and the consequences of non-compliance associated with the handling of legally protected personal information.
CSR Readiness delivers a PROACTIVE solution, enabling small to medium size businesses (SMB) to assess their privacy systems and safeguards and presenting them with suggested improvements for areas the program identifies as deficient. Many companies may still suffer a data breach – when this happens, Breach Reporting Service is the REACTIVE solution that provides privacy reporting for the SMB community. CSR-V3 is an automated vendor privacy risk reduction tool which documents your vendor management, verification and validation due diligence.