Do you know the difference between a security breach and a privacy breach? A security breach is unauthorized access to your data. A privacy breach is the unauthorized collection or sharing of your data. If your business has an issue with either one, you can contact the Office of the Privacy Commissioner of Canada (OPC) for assistance. They can provide information about what you need to do to protect your customers and your business.
The Personal Information Protection and Electronic Documents Act (PIPEDA) gives the OPC its authority. On June 18, 2015, that authority was updated to include the Digital Privacy Act. Information related to reporting a breach is found among the amendments in the Digital Privacy Act. These two laws work together to provide a framework for Canada’s cyber-security and data privacy concerns. In a nutshell, the laws require business owners to collect a person’s consent before collecting or using their data. They also give Canadians data rights. These rights include the right to access your own personal information and the right to challenge the accuracy of that personal information. Canadians also have the right to be informed of their privacy rights. This notification can be included in mailing lists, newsletter subscriptions, or directly on your website or any type of market research.
What kind of data is included? The Privacy Act and the PIPEDA protect all kinds of data, including names, email addresses, photos, bank details, social media posts, and even computer IP addresses. Failure to handle this data correctly, whether digital or physical, can result in losses.
The OPC is open to both individuals affected by a breach and companies that have a breach. To get started, contact the OPC’s Information Centre for more details, or visit their Report a Concern page. This page gives you with the ability to submit a concern about privacy issues directly to the OPC online.