Canadians believe personal data at risk

TORONTO (Reuters Life!) - About 14 percent of Canadians have had their identity stolen and nearly half know someone who had the same experience, a new poll shows.

File images shows a man working at the Shanghai Stock Exchange, October 27, 2006. About 14 percent of Canadians have had their identity stolen and nearly half know someone who had the same experience, a new poll shows. REUTERS/ Nir Elias

And most consumers are not confident that businesses will keep their personal information safe.

“Canadians are quite conscious and concerned about the situation,” said Jennifer Stoddart, the Privacy Commissioner of Canada who oversees compliance with privacy laws.

She added that while exact figures are hard to find, the commission has calculated about 50,000 specific breaches, and possibly millions more over the years.

“All indications say to me that people are increasingly aware, are trying to take better care of their information,” Stoddart explained.

The survey of 400 consumers, commissioned by software company CA Canada, showed that 44 percent said they knew someone who had suffered identity theft.

Less than one percent was “very confident” that retailers could protect their online private customer data. Only nine percent could say the same about Canada’s big banks, while federal and provincial governments received the highest confidence in their security at 12 percent.

Retailer TJX’s massive security breach, where hackers had stolen data from about 45.7 million credit and debit cards between July 2005 and January 2007, was one of the world’s largest reported data breaches.

According to the survey, the majority of consumers believed that not enough was being spent on online security and privacy, with 84 percent feeling that way about retailers, 67 percent about governments and 62 percent about banks.

“Canadian businesses and governments that are managing consumer data and information without robust data security are performing a high wire act without a net,” Renee Lalonde, regional vice president of CA Canada, said in a statement.

In a separate poll of 200 senior security executives, nearly 40 percent agreed that the amount their company spent on security was too low, while even fewer were confident in their organization’s ability to protect itself against security breaches.

The consumer distrust seemed to be supported by the amount of security violations -- internal breaches in particular -- reported, with numbers jumping in the last year.

Over 86 percent of large Canadian organizations acknowledged receiving a security attack in the last year compared with only 67 percent five years ago, according to the poll.

Thirty-three percent were identified as coming from within the organization -- more than six times higher than in 2003.

The survey coincides with an annual report put out by the Privacy Commissioner of Canada on Tuesday which said businesses were not doing enough to prevent security breaches and recommended introducing mandatory breach notification, to encourage businesses to do more and to ensure Canadians are notified of serious violations.

“The phenomenon is pretty well across the board,” said Stoddart. “Because almost all companies are online now ... the problems are everywhere.”

Reporting by Solarina Ho; editing by Patricia Reaney