According to Canadian lawyers who specialise in cybersecurity and data protection law, very few Canadian organisations are properly prepared to handle data breaches.
This is substantiated by the fact that the average data breach cost in Canada is the second highest in the world, according to the 2017 IBM and Ponemon Institute report. This consensus of how bad things may be is generally shared by many Canadian lawyers as well, with even the most basic protection models not in place for minimising data breaches.
Bradley Freedman, Vancouver-based law firm partner, said:
“…many Canadian organisations haven’t done some of the basic things that regulatory guidance and best practices suggest to minimise risk of a data breach.”
It seems that in many cases organisations are either not implementing data protection measures at all, or they’ve severely curtailed their desire for protection. Mr Freedman went on to say: “in my view it’s short-sighted and misguided” in terms of how organisations may choose to put resources into other parts of the business as opposed to data protection.
Risk Based Security, a cybersecurity firm, released data showing that Canada has had the third-greatest number of data breaches in the world so far this year. Falling just behind the U.S. and U.K., Canada has reported 59 data breaches so far.
By comparison with other global influencers, China has reported only 22 data breaches, and there were only 19 publicly reported data breaches in Russia.
Of course, this report may not be the best indicator of whether Canada is within the top three countries that have the most data breaches, but it does say a lot as Canada’s data breach reporting apparently isn’t mandatory.
Mandatory data breach reporting will come into effect later this year when Ottawa enforces a rule (Protection of Personal Information and Electronic Documents Act (PIPEDA)) for organisations that come under ‘federal jurisdiction’ to do so. This refers to organisations that are overseen by the government.
Even though there isn’t mandatory data breach reporting in Canada, a failure to notify relevant regulators and organisations may lead to an investigation to find out if the organisation failed to undertake its responsibility to keep personal data safe. Therefore, many Canadian organisations may wish to consider reporting a data breach even if it’s not specifically required by law.
According to the IBM and the Ponemon Institute study, an average data breach costs Canadian companies $5.78 million (£4.44 million). Canada’s average data breach cost was reported to be the second highest in the world, and the cost was above the world average of $3.62 million (£2.78 million).
The study found that Canadian organisations that managed to contain a breach in less than 30 days were able to save $1.79 million (£1.38 million) in costs when compared to organisations that took longer than a month to deal with a breach.
So, the takeaway message here seems to be that organisations that are proactive in their data breach protection and response approach can drastically reduce their costs.
As many experts say, the view should be ‘when’ data breaches happen, and not ‘if’.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.