Privacy Commissioner: Canadian Businesses Are Not Protecting Your Personal Data

Canadian businesses are storing your personal data. Unfortunately, they’re not protecting that data.

A new survey by the Privacy Commissioner of Canada released today found that many companies in our country are not using passwords effectively to protect private information. 39% do not have mechanisms that ensure the difficulty of passwords while 27% never require employees to change their passwords, according to the results of the study.

“Using passwords is like locking your front door. They can be a very simple and effective way to protect valuable personal information,” says Commissioner Stoddart. “But simply setting a password is not enough to thwart today’s savvy online criminals—passwords must to be complex and dynamic.”

Many businesses are also storing private data on vulnerable personal devices such as USB keys —and 48% are not encrypting that information.

“Encryption is one step better than locking your doors—it is like putting information into a safe—and it can really help limit the risks if a laptop is stolen or a USB key is misplaced,” explains Commissioner Stoddart. “Businesses that lose their customers’ data, lose their customers’ trust, so they need to take every precaution to ensure they safeguard personal information they hold.”

Despite these shortcomings, Canadians are aware of the importance of privacy protection: 77% attribute “considerable importance” to protecting personal information. In fact, 39% consider it a competitive advantage, another 24% consider it a significant advantage, and a further 15% consider it a modest advantage.

“I am encouraged to see that companies are beginning to realize the importance of building privacy into their business processes,” notes Commissioner Stoddart. “Smart businesses know that taking the time to build privacy in from the beginning is much easier than cleaning up a privacy breach down the road.”

However, immediate problems do still exist: just five in five businesses have a privacy policy in place, and less than half have procedures to deal with customer complaints regarding mishandled information.

Photo: Sean Kilpatrick/The Canadian Press