From the Office of the Privacy Commissioner of Canada:
Ten years after Canada’s private sector privacy law came into full effect, our latest survey has found that many Canadian businesses are still not taking the basic steps necessary to protect the personal information of their customers and clients – despite believing that protecting privacy is “extremely important”.
An overwhelming majority of businesses (82%) said protecting privacy is important—in fact 59% rated it as “extremely important.” As well, more than two-thirds (69%) indicated they were “very confident” in the ability of their business to protect the personal information they collect about customers.
However, the telephone survey of 1,006 companies across Canada identified serious gaps in basic privacy protection by businesses both large and small, for example:
- Half (50%) do not have procedures for responding to customer requests to access their personal information;
- Nearly half (49%) do not have procedures for dealing with privacy complaints; and
- More than two in five (42%) have not designated an employee responsible for ensuring privacy protection.
- Two-thirds (67%) have no policies or procedures for assessing the privacy risks of new products, services or technologies.
The survey, carried out in November 2013 by Phoenix Strategic Perspectives of Ottawa, also found that 59% of the surveyed businesses have little or no concern about the prospect of a data breach. Despite numerous high-profile media reports of data breaches in the private sector over the past few years, the number of businesses indicating a lack of concern about data breaches has increased over time to 59% from 49% in 2011 and 42% in 2010.
In addition, 58% of the businesses surveyed had no guidelines for dealing with a breach where the personal information of their customers was compromised.
We commissioned the survey, which is considered to be accurate to within +/- 3.1%, 19 times out of 20, in order to better understand the extent to which businesses are familiar with privacy issues and requirements, and the types of privacy policies and practices they have in place. Similar surveys were conducted in 2011, 2010 and 2007.
What do you think – are businesses doing an adequate job of safeguarding customer information? What challenges do they face in protecting privacy? Let us know in the comments.