The number of reported data breaches in Canada increased six-fold after the country implemented new breach-reporting regulations under a federal private sector privacy law.
Amendments introduced last year to the 19-year-old federal Personal Information Protection and Electronic Documents Act forced companies to report all data breaches affecting an organization. Now the results are in.
By far the most impressive number is that of reported breaches, which has increased six-fold since 2018. Now that companies are required to disclose all details regarding a data breach, especially if it presents any risk to individuals, 680 breach reports were received. In total, more than 28 million Canadians were affected in a single year.
“The majority of reported breaches – 58 per cent – involved unauthorized access,” says the Office of The Privacy Commissioner of Canada. “We have seen a significant rise in reports of breaches affecting a small number of individuals – often just one and sometimes through a targeted, personalized attack. This is the correct approach to reporting: there can be risk of significant harm even when only one person is affected by an incident.”
Furthermore, social engineering and employee snooping are two common ways to gain unauthorized access. One in four security incidents in the year involved phishing.
The report points out that malicious intent is not always behind a data breach, as one in five incidents involves accidental disclosure. Users often send important information to the wrong people via email.
Also, hardware failures account for 12% of all data breaches, followed by actual theft of documents, computers or computer components, at only 8%.
All in all, it seems the new regulation is giving Canadians a much clearer sense of how exposed their data really is.