November 23, 2012
Risk of corporate financial, reputational damage from mismanaged personal information remains high
TORONTO--Recent studies indicate major discrepancies between the perception of privacy protection in Canada and the reality behind the ability of companies to protect personal information. A recent report from Advertising Standards Canada and MacLaren McCann indicates widespread willingness among Canadians to share personal information, with up to 79% exchanging their data to obtain a benefit. Trust in companies is increasing as up to 80% of Canadians believe their personal data is adequately protected. Unfortunately, the privacy landscape in Canada may suffer as a result of a false sense of privacy, according to a privacy professional and author of "Managing Personal Information: Insights on Corporate Risk and Opportunity for Privacy-Savvy Leaders" (Carswell, 2012).
The President and principal Risk Advisor of Toronto-based Informatica Corporation, Claudiu Popa says "we have been watching these studies come in and individually, they offer significant insight into the state of privacy but a cross-sectional analysis reveals a barometric predictor of the impact of personal information breaches over the short to medium term. The picture that emerges is anything but rosy. That's why we felt it was important to write this book" he added. According to the Edelman Privacy Risk Index, 62% of companies say their organization does not possess the expertise or technology to effectively protect personal information. The severity of these implications is underlined by a reported 15% annual increase in the number of companies that suffer from external privacy and security breaches (according to Ernst & Young).
While 73% of Canadians appear to show a surprising lack of concern over the information they submit online, they also indicate that they are aware that their Internet activities are tracked for marketing purposes. The majority are willing to share location data, shopping data and other information used for promotional purposes. The critical factor for Canadian companies is that 72 percent of respondents said they worry about the erosion of personal privacy even as they continue to share information online. In fact, the majority of Canadians do not want companies to share personal information with third parties and would prefer to have control over the shared data. The current study's findings independently support the book's perspectives as it offers solutions to prevent privacy breaches and their costly outcomes.
According to Claudiu Popa "89 percent of Canadians believe that they're already sharing too much information online and they're not hypocrites, they realize that they need to share information to get things done. Three quarters of consumers will abandon a company if information was accessed without permission. It's simply the way the economy, and the world as a whole, work. Unfortunately organizations that haven't yet read the book misinterpret the need of individuals to share information as a willingness to surrender personal details or even a weakness to be capitalized on. This is a dangerous conclusion to draw, and 57% of companies appear to support this view, because they said they do not consider privacy and the protection of personal information to be a corporate priority while 53 percent mistakenly believe that a data breach would not tarnish their reputation. 61% do not even enforce full compliance with laws and regulations."
At an approximate cost of $200 per compromised record, the average per-incident cost to companies has often exceeded $7 million over the past few years and will continue to climb with changes in legislation surrounding mandatory breach notification and anti-spam provisions. Between consumer concern, regulatory enforcement and litigation carving deeply into Canadian privacy operations, there should be no question that companies of all sizes need to place an absolute priority on compliance and enforcement, but it is often the damaging reputational impact and media scrutiny that convince firms to get serious about personal information protection. "Managing Personal Information" offers actionable guidance to enable the proper implementation of privacy programs within Canadian organizations.
"Managing Personal Information" is a uniquely Canadian collaborative effort to improve privacy and security practices at the higher levels of public and private leadership. The book's notable authors provide exclusive new content along with a foreword by the Ontario Information and Privacy Commissioner, Ann Cavoukian.