November 01, 2019 - Private Sector

One year on, OPC releases stats on mandatory breach reporting

To mark the first anniversary of the mandatory breach reporting regulations under the Personal Information Protection and Electronic Documents Act (PIPEDA),  the Office of the Privacy Commissioner (OPC) released the following figures about reported data breaches since November 1, 2018:

  • The OPC has received 680 breach reports, a six-fold increase over the previous year, when breach reporting was voluntary.
  • Over 28 million Canadians have been affected by a data breach.
  • 58% of reported breaches involved unauthorized access.
  • Approximately 25% of reported incidents involved social engineering attacks like phishing and impersonation.
  • More than one in five data breaches reported to the OPC involved accidental disclosure.
  • 12% of breach reports involved situations where there may have been disclosure due to loss of a computer, storage drive or paper files.
  • 8% of breach reports involved theft of documents, or computers or their components, leading to a data breach.

For more information on these statistics and the OPC’s tips for responding to a data breach, see the OPC’s blog post, A full year of mandatory data breach reporting: What we’ve learned and what businesses need to know.

These interesting trends will be further discussed on AccessPrivacy’s November Monthly Call, to be held on Wednesday, November 27, 2019 at 11:30 a.m. Eastern Daylight Time.