Breaches of Albertans’ privacy by organizations that are supposed to protect that information are on the rise.
Last year, the Office of the Information and Privacy Commissioner (OIPC) issued decisions on 162 breaches where there was a real risk of significant harm to affected individuals.
That is more than double the number of decisions from any previous year.
Many of the privacy breaches were related to unauthorized accessing of personal information through hacking, malware or email phishing.
But there were also plenty of cases of companies or employees inadvertently sharing personal information with unauthorized parties.
Attacks growing in sophistication
The director of compliance and special investigations with OIPC, Rachel Hayward, says human error is still behind some privacy breaches.
However, there’s a growing sophistication of cyber attacks that’s resulting in more breaches — and bigger ones.
Hayward said things have progressed far beyond the email asking you to send money.
Now, it’s email phishing to steal information like your address book, or ransomware where computers can be remotely locked until you give money to hackers.
“All you have to do is accidentally click on a link and the attacker has access to your computer,” said Hayward.
Info for 109,000 Albertans exposed in one case
OIPC’s biggest single breach decision last year related to malware on the Walmart website which potentially exposed the personal information of 109,000 Albertans to an unauthorized third party.
In that case, the information that was hacked included names, email addresses, credit card information or passwords belonging to Albertans.
Hayward said both companies and individuals need to be more vigilant.
“Attacks are getting far more sophisticated and they require a different response from organizations than what we’ve seen in the past,” she said.
Hayward says companies need to ensure they’re downloading security patches and keeping their security systems up to date.
Albertans can also do things to help protect their information.
1234 is not a good password
She suggests greater scrutiny of passwords is a simple thing anyone can do.
That includes picking a complex password which includes numbers and punctuation, not just “1234” or actually using the word “password.”
Hayward suggests passwords be changed frequently and that you don’t use the same password across a number of apps or programs.
That way, if someone does obtain your…