Privacy Weak, Study Warns

Dale Smith, www.blacklocks.ca
Only a third of Canadian companies train staff on privacy issues and 23% are unaware of federal law governing safeguards, says federal research. The study by the Privacy Commissioner noted a quarter of companies also store customer data on USB sticks and other portable devices.

“It seems to me too many companies still see privacy as a luxury, that we don’t have the money; it’s too complex, too daunting,” said Chantal Bernier, former commissioner. “So they look the other way instead of understanding what every good company understands.”

Executives and managers of companies large and small were interviewed for the 2016 Public Opinion Research With Canadian Businesses On Privacy-Related Issues. Results showed fewer than a third of companies, 32 percent, used electronic encryption to protect customers’ personal information in case of loss or theft.

“These results are consistent with every other survey of similar scope and with my observations on the ground,” said Bernier, counsel with Dentons LLP of Ottawa. Bernier said the findings point to a “great legal divide” over mandated protection of data and everyday business practices that see employees store records on personal electronic devices.

“You have big companies that are improving compliance and increasing awareness and truly addressing privacy risk management as a central corporate risk plan,” said Bernier. “Then you have smaller companies that are daunted it seems by the complexity of the issues and the cost – because you need an expert to take care of it and to advise you. Clearly they are still rolling the dice, hoping they will not get caught.”

Opinion Research found that of the businesses surveyed, ranging from small family enterprises to multi-million dollar corporations, 23 percent were unaware of the Personal Information Protection & Electronic Documents Act. Other findings included:

  • 57 percent had designated privacy officers; 
  • 44 percent had privacy policies “that explain to customers how they will collect and use customer personal information”; 
  • 32 percent trained staff on protecting customer data; 
  • 23 percent allowed employees to use personal electronic devices for work.

“There are countries that are adopting fines, there are countries that are increasing fines – but much more importantly in Canada, without any change in the law, the courts are more and more recognizing a tort with damages for violation of privacy,” said Bernier. “Cases have awarded up to $20,000 to an individual for breach of privacy. A company that doesn’t do its homework, that doesn’t do its due diligence on privacy compliance, could find itself paying a lot more than for privacy advice upfront.”

“What it shows for us to move forward is to provide even more resources or to alert small and medium-sized businesses to the existing resources on privacy compliance,” said Bernier. “The Privacy Commissioner has excellent documents on their website, and they may want to do a push to make small and medium-sized businesses aware of those resources.”

Opinion Research said 25 percent of managers surveyed kept permanent records on clients’ credit card or banking information. Seventeen percent sent data to third parties for processing or storage, such as cloud computing.