On November 1st of last year, businesses became subject to new mandatory breach reporting regulations under Canada’s federal private sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA).
Since November 1st, 2018, the Canadian government received 680 breach reports. That is six times the volume received during the same period one year earlier.
Key takeaways from OPC report:
- Know what personal information you have, where it is, and what you are doing with it. You must understand your data before you can protect it!
- Know your vulnerabilities. Conduct risk and vulnerability assessments and/or penetration tests. Identify your organizations’ weak points before a breach identifies them for you!
- Be aware of breaches in your industry.
- The majority of reported breaches — 58 percent — involved unauthorized access.
- Employee snooping and social engineering hacks are key factors behind breaches resulting from unauthorized access.