The media are reporting this week that the Office of the Privacy Commissioner received 446 breach reports since Nov. 1 of last year. Does that number surprise you?
Those 446 breaches are for Personal Information Protection and Electronic Documents Act–related breaches only. That number doesn’t even take into account those breaches reported provincially or those that are happening in the public sector. I think it’s a lot, but I’m also quite certain there are still many organizations that either deliberately or by ignorance don’t report when there is unauthorized access to personal information.
The news article also tallies up the number of affected individuals. Want to guess? Nineteen million affected individuals. Mind you, some people will have been victim to more than one breach, but we’re still talking about nearly half the entire country’s population having their personal information the subject of a breach. And, did I already mention that this was only the PIPEDA-related breaches? Outstanding.
Another story in the news this week is about how the Ontario Cannabis Store violates its own privacy statement and sells postal code data of its buyers to the drug manufacturers. While it is only the first three digits of the postal code being sold, what is shocking is how it blatantly contradicts the pledge made in its privacy statement not to sell any personal information it collects from consumers. Remember that in certain communities those first three digits can really pinpoint.
Together, these two stories have diminished the trust I have in our new economy, and I can’t help but think we need better laws and tools in place to protect us. Now that the fall is almost upon us and the election is getting underway, let’s encourage our politicians to make this a priority.