As data leaks continue to make headlines, Canadians are increasingly concerned about their privacy. Companies are therefore well advised to consider data protection measures as a competitive advantage to be adopted.

According to a survey[1] prepared in March 2019 for the Office of the Privacy Commissioner of Canada, 92% of Canadians were at least somewhat concerned about their level of privacy protection, and just under 4 in 10 said they were extremely concerned. Although almost two-thirds of Canadians say they are aware of their right to privacy, the vast majority are concerned about the future use of their personal information online, and are taking steps to protect it.

Doing business with companies that care about cybersecurity

Canadians listen to companies that share their privacy concerns. Reports of numerous data leaks have prompted more than eight out of ten Canadians to rethink their approach to sharing their information. Among their preferred methods of ensuring they have some control, 76% would refuse outright to share their personal data with organizations or companies. What’s more, they’d do more business with companies that are subject to heavy financial penalties for inappropriate use of their personal information. In other words, between two similar companies, a large majority of Canadians would specifically choose the one with good cybersecurity practices.

An investment that pays off

In a January 2020 survey[2] prepared for the Office of the Privacy Commissioner of Canada, almost two-thirds of Canadian companies had a privacy policy. The vast majority of these companies clearly explain how customer information is collected, used and disclosed, as well as the purpose of the collection and the nature of the data collected.

Knowing how important their privacy is to them, it’s in their interest to take proactive measures to reassure their customers and attract new ones. However, it’s not enough just to offer protection, it’s also important to ensure that the risk of a data breach is reduced.

Protective measures

Some basic safeguards to be implemented may simply include limiting the amount of personal information to be obtained from customers. Focusing on data that is strictly necessary to deliver a product or service, for example, eliminates some of the risk.

Secondly, it is essential that all companies have a section dealing specifically with why they need this personal information, which can be included in their privacy policy. In doing so, this exercise could help them know what information is actually collected, where it is stored and who has access to it to prevent loss or unauthorized disclosure.

Adequate privacy and cybersecurity training should be offered to all employees, and access to personal information should be limited to those employees who really need it to perform their duties.

The Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec’s Act respecting the protection of personal information in the private sector require organizations and businesses to protect personal data against loss, theft, unauthorized access and disclosure, as well as disposal.

Finally, as there is no such thing as zero risk, trusting cybersecurity experts and entrusting them with IT management can be a very useful choice. As well as having access to the latest software, hardware and artificial intelligence technologies, they can constantly monitor servers and identify security flaws before an incident occurs.

Don’t play Russian roulette with your company. Investing in cybersecurity pays off!

[1] 2018-2019 Survey of Canadians on Privacy, Office of the Privacy Commissioner of Canada, https://priv.gc.ca/fr/mesures-et-decisions-prises-par-le-commissariat/recherche/consulter-les-travaux-de-recherche-sur-la-protection-de-la-vie-privee/2019/por_2019_ca/, accessed May 18, 2021.

[2] 2019-2020 Survey of Canadian Businesses on Privacy Issues, Office of the Privacy Commissioner of Canada, https://priv.gc.ca/fr/mesures-et-decisions-prises-par-le-commissariat/recherche/consulter-les-travaux-de-recherche-sur-la-protection-de-la-vie-privee/2020/por_2019-20_bus/, accessed May 18, 2021.