The number of reported data breaches in Canada increased six-fold after the country implemented new breach-reporting regulations under a federal private sector privacy law.
Amendments introduced last year to the 19-year-old federal Personal Information Protection and Electronic Documents Act forced companies to report all data breaches affecting an organization. Now the results are in.
By far the most impressive number is that of reported breaches, which increased six fold since 2018. Now that companies are required to disclose all details regarding a data breach, especially if it presents any risk to individuals, 680 breach reports were received. In total, more than 28 million Canadians were affected in a single year.
“The majority of reported breaches – 58 per cent – involved unauthorized access,” says the Office of The Privacy Commissioner of Canada. “We have seen a significant rise in reports of breaches affecting a small number of individuals – often just one and sometimes through a targeted, personalized attack. This is the correct approach to reporting: there can be risk of significant harm even when only one person is affected by an incident.”
Furthermore, social engineering and employee snooping are two common ways to gain unauthorized access. One in four security incidents in the year involved phishing.
The report points out that it’s not always malicious intent behind a data breach, as one in five incidents involve accidental disclosure. Users often send important information to the wrong people via email.
Also, hardware failures account for 12% of all data breaches, followed by actual theft of documents, computers or computer components, at only 8%.
All in all, it seems the new regulation is giving Canadians a much clearer sense of how exposed their data really is.