19 million Canadians have had their data breached in eight months
An estimated 19 million Canadians have been affected by data breaches between November 2018 and June 2019, according to numbers obtained by "Attention Control with Kevin Newman," a new podcast that launched Monday.
The numbers come from 446 breaches that were reported to the Office of the Privacy Commissioner of Canada (OPC). Victims of these kinds of data breaches are vulnerable to identity theft, financial crime, even violence in some cases.
The new reporting laws that require businesses to report breaches where there could be a real risk of significant harm to the OPC and the people affected came into effect last November. Between then and June 2019, the OPC received 446 breach reports, nearly six times the number of reports received during the same time period under the previous voluntary reporting system.
This will be especially significant during Canada’s election campaign, when parties look to gather as much information as they can to target voters with political messaging on social media. But political parties do not have to report data breaches to individuals or the OPC, as they are exempt from privacy laws that regulate the storage, collection and use of personal information.
Number of data breaches likely much higher
The number of Canadians impacted by a data breach during this time is likely higher, as this estimate does not include how often public bodies lose or mishandle personal data. While the federal government has to report certain data breaches, there are no laws requiring political parties and many provincial public bodies to report data breaches to individuals or a privacy commissioner or ombudsperson.
Public agencies have some of the most sensitive information on Canadians including financial data, medical information and even how you voted. Attention Control is investigating how this kind of information is being used by political operatives during the upcoming federal election to possibly mislead and even manipulate voters.
Of the 446 breaches reported to the OPC, most (59 per cent) were a result of unauthorized access such as a hack or “internal bad actor”. 22 per cent were from accidental disclosures, such as information being sent to the wrong person or being left behind. Thirteen per cent of reports were from loss of data, which could be the physical loss of a usb drive or even paper files. Six per cent was from physical theft of things like computers, drives or paper files.
“Attention Control with Kevin Newman” is a new podcast from Antica Productions, and will be investigating the intersection of data, technology, and democracy during the federal election campaign. Every week during the campaign, the show will bring listeners data-driven investigations that will help separate fact from fiction, as well as timely, in-depth interviews with insiders from the tech industry and their critics.