Legislators are regularly introducing and passing laws that are meant to protect the personal information that individuals provide to businesses and regulate how businesses can use that personal information. But how does the consumer feel about a business' responsibility to protect their personal information?

GetApp1 conducted an online consumer privacy survey in the Summer of 2022. It surveyed over 1,000 adult Canadian consumers who shopped online at least once a month. The results are clear – consumers expect businesses to protect their personal information, and their decision to transact with a business is influenced by its data protection practices.

Interesting and informative findings from the GetApp survey that businesses should pay attention to include:

  • 33% of respondents said that they are more concerned about the data privacy practices of online companies compared to a year ago.
  • 41% of respondents said that companies are responsible for online privacy (with 35% of the view that the federal government bears this responsibility).
  • 79% of those surveyed indicated that consumers factor a company's data privacy practices into their decision about whether to do business with it. 19% of consumers "always" researched a company's data privacy reputation before transacting with it.
  • In the context of interacting with a company for the first time, 67% were agreeable to sharing their personal information with a business if it would result in better and more efficient service or products. The willingness to share personal information was influenced by the type of information being disclosed.
  • Over half of respondents – 56% - stated they would prefer to pay for a service than share personal information.
  • A slight majority of consumers – 56% - surveyed indicated they were confident that their personal information was secure when provided to an online company. However, 33% disagreed somewhat, and 10% strongly disagreed. Only 7% stated that they had strong confidence in the security of their information.

Obviously, compliance with the law is an important reason to have a privacy management program and data security safeguards in place. More compelling to a company's bottom line, however, is that a failure to do so could cost you sales and a loss of client confidence in your company.

Below are the components of a privacy management program:

  • A privacy officer who is responsible for the development and implementation of the organization's privacy controls and their ongoing monitoring.
  • Personal information inventory.
  • Policies, including the collection, use, and disclosure of personal information, requirements for consent, and retention and disposal of personal information.
  • Administrative, physical, and technological security controls.
  • Risk assessment tools.
  • Training and education requirements for employees and contractors.
  • Breach and incident response procedures.
  • Service provider management, including data protection agreements.

Long gone are the days when a company could ignore its data protection management and protection practices. To do so is to unnecessarily expose your organization to significant risks – both monetary and reputational.


1 GetApp is an online resource for businesses exploring software as a service (SaaS) products.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.