10 May 2012

When using technology to safeguard personal information, sometimes small steps can prevent a big loss


An Office of the Privacy Commissioner of Canada (OPC) survey of 1,006 companies across Canada shows that many businesses are not employing recommended technological tools or practices to protect the digitally-stored personal information of their customers.

For example, the survey found that while the vast majority of companies are using passwords to protect personal information stored on digital devices, many do not ensure that passwords are difficult to guess or that their employees change them regularly—two practices that can really help thwart online criminals.

The survey also showed that almost 50% of companies that store personal information on portable devices like laptops, USB sticks, and tablets do not use encryption to protect the information on these devices—despite the fact that these types of devices are far more likely to be misplaced, lost or stolen.

While the survey did find that many Canadian companies recognize the importance of protecting privacy, it is vitally important that businesses take the time to get it right—for their customers and for their own survival. Businesses that jeopardize personal information, risk losing their customers’ trust and their business.

The complete survey, which is considered to be accurate to within +/- 3.1%, 19 times out of 20, can be found on our website.


6 Responses

Paul Darlaston Says:

Further to the findings of the survey – it is also clear that the minority who do use encryption – usually for anonymizing the personal information in their custody for secondary purposes – do not understand the first principles of a) anonymization i.e. the process should not be reversible and b) the encryption method used should be appropriately hardened so that a) cannot occur!

Geoff Says:

The survey also showed that almost 50% of companies that store personal information on portable devices like laptops, USB sticks, and tablets do not use encryption to protect the information on these devices—despite the fact that these types of devices are far more likely to be misplaced, lost or stolen.

That is scary!

Jeff Says:

It scares me how lackadaisical businesses are about security these days! It’d be so simple to mandate employees use something like TrueCrypt on their devices, but we’ve seen almost no progress here.

Talking to our clients in Montreal, it’s almost scary how readily accessible patient information in… even in the medical field which is supposed to be more secure than others.

Nathan Says:

50% don’t encrypt their passwords on portable devices? Why?! I would suggest multiple levels of encryption for sensitive data.

michael Says:

i agree with you guys. you should see some of the passwords i come across as a network admin. its amazing. these passwords have been in cracker password lists since aol 2.5.

Leave a Reply

If you wish to leave a reply, you will be asked to provide your name and e-mail address. Your e-mail address is required for the purposes of limiting spam and contacting you should we have questions about your comment.





To learn more about why this information is collected and how it will be used, please read our Blog Comment Policy.