Privacy breaches have been a big cause of concern for all Canadians. It seems that each year the list of businesses and the amount of information leaked grow larger and larger. In 2018 alone, we have seen large companies like Facebook, Google Plus, Marriott International, and Air Canada face data breaches that affected hundreds of millions of users. Businesses of all sizes are targeted, not only large ones. While large companies that have their data breached are reported on the news, countless smaller companies and businesses that are even more vulnerable to attacks go unnoticed.
Previously, businesses were required to notify individuals and report to the Commissioner breaches where it would be reasonable to believe that there would be a real risk of harm. Beginning November 1, 2018, some important changes to PIPEDA (the Personal Information Protection and Electronic Documents Act) will come into effect via the Digital Privacy Act. Among other things, the rules involving the reporting and record keeping of data breaches have changed. Businesses are now obligated to keep internal records of any breach of security safeguards, no matter how trivial or insignificant the breach is. This can even include an employee letting a third party use their mobile phone. Companies must also keep and maintain the records about a breach for 24 months after the day the breach was discovered. At the request of the Commissioner, organizations are required to provide a copy of the report. Failure to keep such records and failure to provide the records to the Privacy Commissioner are both offences.
Why is this important? Because if you don’t comply with the rules, you and your directors could be fined up to $100,000 per violation. Additionally, if customers suffer losses because of the data breach, your business could face civil lawsuits for damages, such as the class action lawsuit against Marriott International. You will also need to worry about your business’s reputation, which can be damaged by customers’ lack of trust in your ability to keep their data safe.
All businesses must keep some form of customer information. It is important to understand how sensitive the information is and what steps are needed to keep it adequately safe. While doing so may not guarantee that your company will not lose its data or have it stolen, it will reduce the cost if a data breach ever happens. One of these steps can be to inquire about cyber insurance, which will protect your business in the event of a data breach. Speak to one of our knowledgeable insurance brokers today at (416)494-1268 or email firstname.lastname@example.org to find out about your options.