Privacy Commissioner of Canada, the government body that took on global social network Facbeook (and won) over its privacy and security issues released data from a new poll this morning. The poll looked at how Canadian businesses are storing customer information in this digital age that we live in as there continues to be increased concerns of security tools and methods to ensure consumers are protected. An independent third party was commissioned to conduct telephone interviews with 1,006 companies across Canada, and as part of the process found they to use desktop computers (55%), servers (47%) and portable devices (23%). Most (73%) are using some type of technological tool, such as passwords, encryption or firewalls, to prevent unauthorized access to the personal information stored on these devices.
However, the survey also suggested that many businesses may not be adequately using technology when it comes to protecting the personal information they store digitally.
For example, passwords are the most popular technological tool used by businesses to protect personal information (96%). However, of those using passwords, 39% do not have controls in place to ensure that those passwords are difficult to guess, and 27% never require employees to change passwords.
“Using passwords is like locking your front door. They can be a very simple and effective way to protect valuable personal information,” says Commissioner Stoddart. “But simply setting a password is not enough to thwart today’s savvy online criminals—passwords must to be complex and dynamic.”
The poll, conducted in late November and early December 2011 by Phoenix Strategic Perspectives, also found that nearly one quarter of businesses are storing personal information on portable devices, such as laptops, USB sticks or tablets, which are more vulnerable to theft and loss. Nevertheless, almost half of those who do (48%) indicated that they did not use encryption to protect the information on these devices. Encryption refers to the use of a secret code as a key to scramble information to make it unreadable. Once the information is scrambled, only the same key can be used to unscramble the information and make it readable again.
“Encryption is one step better than locking your doors— it is like putting information into a safe—and it can really help limit the risks if a laptop is stolen or a USB key is misplaced,” says Commissioner Stoddart. “Businesses that lose their customers’ data, lose their customers’ trust, so they need to take every precaution to ensure they safeguard personal information they hold.”
The survey did find that many Canadian companies attribute considerable importance to protecting privacy (77%).
“I am encouraged to see that companies are beginning to realize the importance of building privacy into their business processes,” said Commissioner Stoddart. “Smart businesses know that taking the time to build privacy in from the beginning is much easier than cleaning up a privacy breach down the road.”
In fact, survey responses seem to suggest that companies are becoming more sensitive to the potential for data breaches. Only 40%, however, indicated that they were concerned about data breaches that might compromise the personal information of their customers and 31% indicated that they have guidelines in place for responding in the event of a breach.
Other highlights of the poll include:
- One third (32%) of businesses have staff that has had training on appropriate information practices and responsibilities under Canada’s privacy laws.
- Almost half (48%) of businesses have procedures in place for dealing with complaints from customers who feel that their information has been handled improperly.
- Many companies (39%) view protecting privacy as a competitive advantage, with 24% seeing it as a significant advantage and 15% a moderate advantage.
While some businesses may shrug off a phone call regarding privacy, it is now something that can make or break your business, and the Privacy Commissioner of Canada means business when it comes to protecting consumers. Facebook is not the only company they have gone after and make they adjust their process, but the office has also gone after Google, and Canadian social network Nexopia.