“Does your company have a privacy policy?”
OPC publishes 2019 Canadian survey results on privacy-related issues
Canadian businesses have generally embraced protecting their clients’ data. But, according to the results of new survey from the Privacy Commissioner of Canada, there’s still some work to do.
The survey of 1,003 Canadian businesses on privacy-related issues, was conducted by Phoenix Strategic Perspectives from Nov. 29 to Dec. 19, 2019 and focused on the type of privacy policies and practices in place, legal compliance, and awareness of, and approaches to, privacy protection.
Respondents were senior decision-makers with knowledge of their company’s privacy and security practices. The results were weighted by sector, region and business size.
Among the findings:
- Nearly 65 per cent of companies have a privacy policy, 32 per cent don’t have a privacy policy, and three per cent aren’t sure.
- A company’s size continues to be the strongest predictor of a company’s privacy practice with large companies more likely to have privacy policies and practices in place.
- The vast majority of companies (95 per cent) say they have not experienced a privacy breach with four per cent of companies saying they have. Half of the companies that experienced a privacy breach say they notified affected customers.
- In terms of level of concern – a rating from one (low) to seven (extremely) – about a data breach, 30 per cent said they’re extremely concerned, and 33 per cent said they’re not concerned. This number has fluctuated over time, from a low of 24 per cent in 2013 to this year’s high of 37 per cent – levels seven to six – extremely concerned.
- More than 77 per cent said they have taken steps to ensure they comply with Canada’s privacy laws. Companies in Alberta (86 per cent) and Ontario (84 per cent) were more likely to comply than companies on the prairies (64 per cent) and Quebec (68 per cent). This compliance with Canada’s privacy laws is a significant increase from 2017 (66 per cent).
According to McCarthy Tetrault, a Canadian law firm, it’s unclear what percentage of businesses are adequately prepared to respond to a data breach. The OPC study did not specifically ask which businesses have incident response plans in place, so it’s unknown how many can deal quickly with a security breach and compliance with OPC’s guidelines.
What your business can do
On a daily basis, new technology threats and situations occur that can affect your organization’s ability to do business. A recent example is COVID-19 in which many organizations had no emergency remote-work plan in place. It’s important to have such plans in place, so that you can resolve these issues quickly, keep customers satisfied, and remain open for business.
At 365 Technologies, we can help your small- to medium-sized business create a secure network, develop incident response and remote work policies and plans, help train your staff on best practices, and integrate trusted and secure Cloud services to give you peace of mind.
