"I believe that some companies do understand their duty while others are quite unaware of their obligations and the potential risk of exposure they have. For example, the Office of the Privacy Commissioner of Canada (OPC) just released a report summarising the changes in breach reporting since mandatory reporting was implemented in November 2018. The OPC found that the majority of reports relate to unauthorised access. Now, some of this was access by outside bad actors but a large portion of it was access from within, such as employees with improper data access permissions looking at what they were not supposed to be looking at."

To view the full article please click here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.