As of today, November 1st, privacy breach notification becomes mandatory at the federal level in Canada through amendments made to PIPEDA.
From now on, the Year of the Breach
This year has been called “the year of the breach”, but so was 2017 and before that, 2016. This could be called the global warming of the privacy world. And with regulators becoming more strict about companies’ transparency practices, data privacy breach notifications will also become more prevalent.
What does this all mean to organizations and most importantly, to individuals that share their personal data with organizations?
Breach notification impacts
First of all, as I mentioned above, it will force organizations to be more transparent and take active responsibility for their data practices. The reason regulators are pushing in this direction is not to point fingers or chastise anyone – most of these regulators don’t even have the power to do any chastising in any case – but to help companies learn from their mistakes, become better at managing personal data and improve the relationship of trust between business and customer.
And for individuals whose data may be compromised? It gives you a chance to react and protect yourself, either by being more vigilant about the emails you receive that may be malicious or by taking active care of your credit report to avoid any issues with identity theft.
The digital age has brought a myriad of conveniences to our lives, but that has meant that we have to give some of our privacy away in order to benefit from those conveniences. Companies are learning, and having growing pains, when it comes to understanding the power of personal data and the best ways to safeguard it. And if we add into the mix some bad actors that want to take advantage wherever they find it, you have a perfect storm.
What to expect from now on?
Expect breach notifications to go up this coming year because, even though we keep breaking the record on breaches, the ones we know about are just a fraction of the real number of breaches taking place. With mandatory notification, more companies will come clean. The key will be to avoid “breach fatigue”, which happens when you become desensitized to the severity of data breaches. Even if you hear about them on a daily basis, still take them seriously; they are very important. You receive hundreds of emails a day and you still read them, right?
Will the world suddenly change?
I don’t think things are going to be too different starting today. Yes, you will get a few more emails from companies telling you that your data may have been compromised, but not much more beyond that.
One complaint the OPC has is that they don’t have enough resources to work on everything that will come their way, or the authority to do something meaningful about it.
Therefore it is up to organizations to take their corporate responsibility seriously, as well as the trust individuals have placed in them, and do the right thing: safeguard personal data and, if mistakes happen, learn from them and improve day by day.