From the Office of the Privacy Commissioner of Canada:
Ten years after Canada’s private sector privacy law came into full effect, our latest survey has found that many Canadian businesses are still not taking the basic steps necessary to protect the personal information of their customers and clients – despite believing that protecting privacy is “extremely important”.
An overwhelming majority of businesses (82%) said protecting privacy is important—in fact 59% rated it as “extremely important.” As well, more than two-thirds (69%) indicated they were “very confident” in the ability of their business to protect the personal information they collect about customers.
However, the telephone survey of 1,006 companies across Canada identified serious gaps in basic privacy protection by businesses both large and small, for example:
- More than half (55%) do not have a privacy policy;
- Half (50%) do not have procedures for responding to customer requests to access their personal information;
- Nearly half (49%) do not have procedures for dealing with privacy complaints; and
- More than two in five (42%) have not designated an employee responsible for ensuring privacy protection.
- Two-thirds (67%) have no policies or procedures for assessing the privacy risks of new products, services or technologies.
The survey, carried out in November 2013 by Phoenix Strategic Perspectives of Ottawa, also found that 59% of the surveyed businesses have little or no concern about the prospect of a data breach. Despite numerous high-profile media reports of data breaches in the private sector over the past few years, the number of businesses indicating a lack of concern about data breaches has increased over time to 59% from 49% in 2011 and 42% in 2010.
In addition, 58% of the businesses surveyed had no guidelines for dealing with a breach where the personal information of their customers was compromised.
We commissioned the survey, which is considered to be accurate to within +/- 3.1%, 19 times out of 20, in order to better understand the extent to which businesses are familiar with privacy issues and requirements, and the types of privacy policies and practices they have in place. Similar surveys were conducted in 2011, 2010 and 2007.
What do you think – are businesses doing an adequate job of safeguarding customer information? What challenges do they face in protecting privacy? Let us know in the comments.
lol
When I read this part:
“What do you think,” and, ” Let us know in the comments.”
…I was about to add some saucy comments to that site (I may still yet). But, then I realized, with all the info just being given away over here to just about anyone, and to any gov agency that comes asking, PrivCom would likely just forward my comments, name, IP and Email address to whoever asked for it. After-all, there isn’t really any enforcement up here of anything. And even if there was, any gov agency and company can apparently twist, distort and interpret anything in any way that suits them when it comes to the privacy act or PIPEDA.
Besides, time and time again the courts here put zero value on privacy unless there has been some sort of measurable, monetary or tangible harm to an individual. Though once in a blue moon we see a glimmer of hope from the courts, but that’s just an unnatural oddity.
oh… I think I’m starting to get going… Better stop.