With data leaks continuing to make headlines, Canadians are increasingly concerned about their privacy. As a result, companies are well advised to consider data protection measures as a competitive advantage to adopt.

According to a survey[1] prepared in March 2019 for the Office of the Privacy Commissioner of Canada, 92% of Canadians were at least somewhat concerned about the level of protection of their privacy, and just under 4 in 10 Canadians said they were extremely concerned. While almost two-thirds of Canadians say they are aware of their privacy rights, the vast majority are concerned about the future use of their personal information online and are taking steps to protect it.

Doing business with companies that care about cybersecurity

Canadians are responsive to companies that share their privacy concerns. Reports of numerous data leaks have reportedly led more than eight in ten Canadians to rethink their approach to sharing their information. Among their preferred methods of ensuring they have some control, 76% would refuse to share their personal data with organizations or businesses outright. In addition, they would do more business with companies that are subject to heavy financial penalties for inappropriate use of their personal information. In other words, between two similar companies, a large majority of Canadians would specifically choose the one with good cyber-security practices.

An investment that pays off

In a January 2020 survey[2] prepared for the Office of the Privacy Commissioner of Canada, almost two-thirds of Canadian businesses had a privacy policy. The vast majority of these companies clearly explain how customer information is collected, used and disclosed, as well as the purpose of the collection and the nature of the data collected.

Knowing how important their privacy is to them, it is in their best interest to take proactive steps to reassure their customers and attract new ones. However, it is not enough to offer protection, it is also important to ensure that the risk of a data breach is reduced.

Protective measures

Some basic safeguards to put in place may simply include limiting the amount of personal information to be obtained from customers. Focusing on data that is strictly necessary to deliver a product or service, for example, eliminates some of the risk.

Second, it is essential that all companies have a section specifically addressing why they need this personal information, which can be included in their privacy policy. In doing so, this exercise could allow them to know what information is actually being collected, where it is stored and who has access to it to prevent loss or unauthorized disclosure.

Adequate privacy and cybersecurity training should be provided to all employees, and access to personal information should be limited to those employees who actually need it to perform their duties.

The Personal Information Protection and Electronic Documents Act (PIPEDA) and the Quebec Act Respecting the Protection of Personal Information in the Private Sector require organizations and businesses to protect individuals’ data against loss, theft, unauthorized access and disclosure, and disposal.

Finally, since there is no such thing as zero risk, trusting cybersecurity experts and entrusting them with IT management can be a very worthwhile choice. In addition to having access to the latest software, hardware and artificial intelligence technologies, they can continuously monitor servers and identify security breaches before an incident occurs.

Don’t play Russian roulette with your business. Investing in cybersecurity pays off!

[1] 2018-2019 Survey of Canadians on Privacy, Office of the Privacy Commissioner of Canada,, accessed May 18, 2021.

[2] 2019-2020 Survey of Canadian Businesses on Privacy Issues, Office of the Privacy Commissioner of Canada,, accessed May 18, 2021.

Share this article :


Related Articles

Scroll to Top