Canadian businesses report increased knowledge of
privacy issues, but little progress in implementing privacy
policies or response plans for data breaches – placing them
at risk for new enforcement activities and fines.
The Office of the Privacy Commissioner of Canada
("OPC") recently commissioned a
telephone survey of 1,016 Canadian companies to find out how
Canadian businesses fare with their privacy knowledge and
protections. The informative report on the survey, the 2015
Public Opinion Research with Canadian Businesses on Privacy-Related
Issues, can be accessed here.
It turns out that while much has changed, much has also stayed
the same. A summary of some of the highlights from the survey
report is provided below.
Privacy Knowledge Increasing
There are a few notable areas where companies have improved in
their knowledge of and compliance with privacy issues. For
instance, companies are increasingly familiar with privacy
legislation and have policies or procedures in place to assess
Now, more than ever, the majority of companies are at least
"somewhat familiar" with their responsibilities under
Canada's privacy laws. Fifty-nine percent of business
executives said their company has taken steps to ensure that it
complies with the Personal Information Protection and
Electronic Documents Act (PIPEDA), and the majority of these
respondents said that they have not found compliance to be
In addition, the vast majority of companies now use tools to
protect customer information such passwords, firewalls and
encryption, more than the last survey conducted in 2013.
These findings suggest an increase in the general knowledge of
privacy obligations and concerns, as well as some greater action on
behalf of companies to protect customer information.
Privacy Compliance Lagging
There has been less improvement with respect to dealing with
actual privacy data breaches. The OPC's survey results show
only a modest increase in the number of companies who have policies
and procedures in place in case of an actual breach.
Moreover, less than half of respondents reported having privacy
policies to inform customers about what kind of personal
information they collect and how the information is used.
Finally, the number of respondents who said their company is
"highly aware" of its responsibilities under Canada's
privacy laws is virtually unchanged from 2013.
These trends should change more readily particularly given the
OPC's now broader powers to enforce and penalize for privacy
here for more details).
Potential damages of up to $1 million per day may be imposed. I refer to the blog by Aaron Baer "Are You Compliant With Canada's Anti-Spam Law? If Not, Expect Lawsuits Starting on July 1 of This Year."
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).