Tag Archives: data breach report

New Data Breach Reporting Requirements in Canada

The Office of the Privacy Commissioner of Canada (OPC) recently released official guidance for reporting data breaches pursuant to Canada’s new data breach reporting law. A change in Canada’s law, effective November 1st, requires companies subject to Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) to report data breaches in certain instances and keep records of all breaches. The guidance covers how to determine which breaches must be reported to the OPC and what kind of notice you need to give individuals. It also covers the obligation to keep records of breaches and what information those records need to include.

Qualifying a Reportable Breach

A “breach of security safeguards” refers to the loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of a company’s security safeguards or a failure to establish security safeguards.

Dissecting 2018’s Mid-Year Data Breach Statistics

After the first six months of 2018, 4.5 billion data records have already been compromised according to a recent report. Data breaches have affected businesses large and small, from Adidas (two million records compromised) to Facebook (up to two billion accounts affected) to municipal airports and accounting firms, and 2018 has already seen more than its fair share of massive global data breaches.

The Gemalto Report

Digital security specialist Gemalto revealed in a new report that 945 data breaches led to a staggering 4.5 billion data records being compromised worldwide in the first half of 2018.

Although the total number of breaches was down from the same period the year before, the number of records compromised was up over 130 percent as the severity of individual incidents increased.

The Ultimate Guide to California Data Breaches

Attorney General Kamala Harris released a report – California Data Breach Report 2012-2015 – detailing four years’ worth of data breaches her office has seen. From 2012 to 2015, 657 data breaches were reported to the Attorney General’s Office, totaling more than 49 million records of compromised personal information.

Attorney General Harris states in the report, “California is leading the nation with measures to prevent data breaches, but we can do better. This report clearly articulates basic steps that businesses and organizations must take to comply with the law, reduce data breaches, and better protect the public and our national security.”

The report provides details about the common types of data compromised, the industry sectors most susceptible to a breach, and recommendations to reduce the risk of a data breach.

Types of Data

The top three types of data compromised over the past four years:

  • Social Security numbers
  • Payment card data
  • Medical information

Industry Sectors

The following industry sectors accounted for the most breaches over the past four years:

  • Retail sector – 24% of breaches & 42% of records breached
  • Financial sector – 18% of breaches & 26% of records breached
  • Healthcare sector – 16% of breaches
  • Small businesses – 15% of breaches

Recommendations

The Attorney General’s report made the following recommendations to organizations to comply with the state laws and help reduce the likelihood of a data breach occurring:

  • Controls: Adopt the Center for Internet Security’s Critical Security Controls as the start of a comprehensive information security program.
  • Multi-Factor Authentication: Make multi-factor authentication available on consumer-facing online accounts that contain sensitive personal information.
  • Encryption: Consistently use strong encryption to protect personal information on laptops and other portable devices, and consider using it for desktop computers as well.
  • Fraud Alert: Encourage individuals affected by a breach of Social Security numbers or driver’s license numbers to place a fraud alert on their credit files and highlight this in breach notices.