Canadian Businesses Could Do a Lot More to Protect Your Data

It’s seems that it’s not just Android phones that could do a better job protecting your data. The report, provided by the Office of the Privacy Commissioner of Canada and conducted by Phoenix Strategic Perspectives, surveyed 1,000 businesses in various industries in order to measure their habits when storing personal data on digital devices.

While it was determined that 77% of the businesses polled consider it important to protect the privacy of customers (this seems low to me), it was also revealed that 48% of them store private data without any form of encryption whatsoever.

Federal Privacy Commissioner Jennifer Stoddart explains the need for such encryption: “Encryption is one step better than locking your doors— it is like putting information into a safe—and it can really help limit the risks if a laptop is stolen or a USB key is misplaced.  Businesses that lose their customers’ data, lose their customers’ trust, so they need to take every precaution to ensure they safeguard personal information they hold.”

James Quin, lead research analyst at Info-Tech Research Group, explained that IT businesses are tentative to encrypt data due to misconceptions about the difficulties involved. “Commercial encryption software can be purchased for as low as $50 to $80,” he notes. “The real issue is lack of user awareness and education.”

Some other interesting numbers in the survey:

  • 96% of businesses use passwords to protect data, but 39% of those do not ensure passwords are difficult to guess, and 27% do not require employees to change their passwords regularly.
  • 55% of businesses store personal information on desktop computers, 47% on servers, and 23% on portable devices.  Only 73% of these devices use passwords, encryption, or firewalls.
  • Only a paltry 40% of businesses were concerned about breaches that might compromise the personal data of their customers, while only 31% had guidelines in place to respond to a breach.
  • 32% have staff trained in Canadian Privacy Law information practices, 48% have guidelines to deal with customer privacy complaints, over 60% have a privacy policy (of which 57% update it once a year and 35% inform the customer about changes), and 39% viewing privacy protection as a competitive advantage.

The survey can be found here.