“As in years before, ‘accidental disclosure’ was the most common cause cited for breaches,” ..... “highlighting the need for institutions to ensure proper procedures are in place to protect Canadians’ personal information."
This paragraph begins a report in IT World Canada outlining the summary of the Canadian Government experience in the period ending March 2016. It shows that government information continues to be a target for hackers and others seeking to take advantage of the massive amounts of information that is collected by governments at all levels. While the report referenced deals primarily with federal government information we can be sure that similar issues can arise in the broader public sector including provinces, municipalities and government agencies like education and hospitals.
The reported 16% increase in the number or breaches on a year over year basis tells us that in spite of increased efforts and more vigilance human error still seems to prevail.
What happens at the government level most likely happens at the corporate and personal level as well and we can expect that similar issues are potentially a big concern for all users and collectors of data. In some ways we are able to learn more about government impacts since there is a bigger emphasis here on reporting breaches than there might be in the private sector. In the article it does reference that more voluntary reports of breaches as coming under the provisions of PIPEDA in the past couple of years than have been seen in the previous timelines and this probably reflects better understanding of the provisions of the act and also a growing understanding that acknowledging a breach voluntarily is better than it being reported by a third party.
Those organizations who get in front of the news are often treated better by the media and their customers than if the issues are hidden and not acknowledged.
Implications of a continued threat
The implications of these continued data threats tell us that constant effort must be maintained by all entities to protect their data from inadvertent error as well as from outside attack. For many organizations it will be the inadvertent error that could be their undoing. As we have outlined in other articles there are steps that every organization can take to help protect their operations. Putting resources into these steps is a must which should not be undervalued.
Besides the obvious negative publicity associated with reports of a data breach there is an increasing potential of legal action being taken against the data holder by those whose information gets exposed. If this becomes common practice it increases the height of the downside for the organization which is affected.
Of course straight data breaches are not the only issues which IT managers and business managers have to be concerned about. Other threats like the ransomware attacks also hold serious concern for Canadian organizations. Recently mapping shows that attacks from this source have come to smaller centres as well as large so your geography will not necessarily protect you.
Constant vigilance is the price that has to be paid for the amount of information that organizations collect today. As more and more activity occurs the level of potential impact of negative actions will increase and making sure you have taken the logical and careful steps to protect your information, train those with access and build security around your material will help you sleep better at night.