Asset theft contributes to Canada data breaches

After the first year of mandatory data breach reporting in Canada, it has become clear that lost or stolen records and devices account for a sizeable percentage of breaches.

Starting Nov. 1, 2018, Canada began requiring businesses to report to the federal government breaches of personal information when there is “real risk of significant harm.” A year later, the Office of the Privacy Commissioner of Canada (OPC) reported on some early takeaways from the breach notifications.

Overall, the OPC received 680 breach reports since Nov. 1, 2018, six times the number from the same period the year before, when reporting was voluntary. Breaches fell into the following categories:

• 58% were caused by unauthorized access, including hacking and employee snooping.

• 22% were accidental disclosure, including sending documents with personal information to the wrong person or leaving them behind accidentally.

• 12% were from loss of a computer, storage drive or paper files.

• 8% were from theft of documents, computers or computer components

• The breaches affected a total of over 28 million Canadians, according to OPC.

Read more from Resource-Recycling here.