Alex Halderman, a University of Michigan assistant professor who specializes in data privacy, says, “Almost anything you sign up for online these days requires you to hand over your personal information to use it. Then, every action you take online is logged by these companies — it’s that information that really needs to be safeguarded.” Too often, though, the safety walls that are supposed to keep this information private are breached. What can happen to the data that companies and governments are charged with protecting?
Let’s take a look at a few high profile examples of privacy breaches, not to scare you, but to help you understand the risks facing Canadian organizations today, and the opportunities facing providers of effective insurance products, if they can become among the first insurance companies to offer truly effective, made in Canada protection to their clients.
Hackers and Rogue Employees
They’re the pirates of data privacy, and there is no shortage of horror stories related to theft of data. Companies from Sony to Honda Canada have had data compromised by “unauthorized third parties.” Several of these incidents involve the companies’ own employees.
- Honda Canada. In 2011, hackers broke into Honda’s database and stole information from more than 280,000 customers, including their names, addresses, VINs, and some financing account information. While Honda told affected customers to be on the lookout for third party advertising that referenced their Honda ownership, they may not have anticipated the backlash from vulnerable clients. A class action lawsuit seeking $200 million, and which cites a two-month delay in notifying customers, shows how serious affected customers are taking these incidents
- Western Health Regional Health Authority. Records of 1,043 patients were accessed without valid reason by a Western Health employee in August 2012. A class action has been launched eerily echoing a similar scenario earlier this year in Manitoba, where at least 8 employees were fired, a class action was launched and regulators cried for stiffer penalties in the wake of medical records being inappropriately accessed by a health employee.
You don’t have to look far to find other instances of hackers stealing personal data, or rogue employees inappropriately accessing personal information. Sony is, of course, a prime example, with 100 million users of its PlayStation online gaming system affected by data theft.