The Office of the Privacy Commissioner of Canada (OPC) has published the results of its assessment of the various data breach incidents that have occurred over the past year, noting that tens of millions of individuals’ private data have been compromised.
Based on data the OPC gathered from reports by private sector firms, the commissioner revealed in its assessment that over the past 12 months, about 28 million Canadians were affected by a data breach incident. In total, there were 680 breach reports for the year ending October 31, 2019.
The assessment was published a year after the Personal Information Protection and Privacy Act (PIPEDA) came into effect November 01, 2018. Under the regulations of the PIPEDA, companies are required to report breaches to the OPC, when previously it was a voluntary option.
This year’s breach reports number, 680, is about six times the volume the OPC typically received prior to PIPEDA coming into force.
The OPC offered a breakdown of the reported data breach incidents:
- 397 (58%) of the 680 incidents were due to “unauthorized access” (data breaches and employee snooping)
- 147 were due to “accidental disclosure” (i.e., information sent to the wrong email address, or to multiple people by BCC instead of only one person)
- 82 incidents were due to “loss” (which likely include losses of laptops, hard drives and USB devices)
- 54 were due to theft
“We see these as big numbers, they are bigger than we anticipated, but at the same time it could be the tip of the iceberg,” said deputy privacy commissioner Brent Homan in a statement, adding that the exorbitant data breach numbers could be an indication of a larger problem than has been reported.
Homan also found the numbers “quite alarming,” considering Canada’s population is only 37 million.
“We are really looking at businesses to turn their attention to protecting customers’ information so they can maintain and support trust and faith in their industries,” the deputy commissioner stated.
IT World Canada reported that the OPC’s report actually falls about two million short. Just a day after the OPC report was published, Desjardins announced that the data of all 4.2 million of its credit union customers were affected by the data breach it reported in June. The company originally announced that only 2.7 customers were affected.