Privacy breaches hit record high in Alberta

Alberta's privacy commissioner reported on a record number of personal privacy breaches last year.

Privacy commissioner says more personal info online, hacking growing in sophistication

Alberta's Information and Privacy Commissioner issued more than double the number of decisions in 2017 than any previous year. (Getty Images)

Breaches of Albertans' privacy by organizations that are supposed to protect that information are on the rise.

Last year, the Office of the Information and Privacy Commissioner (OIPC) issued decisions on 162 breaches where there was a real risk of significant harm to affected individuals.

That is more than double the number of decisions from any previous year.

Many of the privacy breaches were related to unauthorized accessing of personal information through hacking, malware or email phishing.

But there were also plenty of cases of companies or employees inadvertently sharing personal information with unauthorized parties.

Attacks growing in sophistication

The director of compliance and special investigations with OIPC, Rachel Hayward, says human error is still behind some privacy breaches.

However, there's a growing sophistication of cyber attacks that's resulting in more breaches — and bigger ones.

Hayward said things have progressed far beyond the email asking you to send money.

Now, it's email phishing to steal information like your address book, or ransomware where computers can be remotely locked until you give money to hackers.

"All you have to do is accidentally click on a link and the attacker has access to your computer," said Hayward.

Info for 109,000 Albertans exposed in one case

OIPC's biggest single breach decision last year related to malware on the Walmart website which potentially exposed the personal information of 109,000 Albertans to an unauthorized third party.

In that case, the information that was hacked included names, email addresses, credit card information or passwords belonging to Albertans.

Hayward said both companies and individuals need to be more vigilant.

"Attacks are getting far more sophisticated and they require a different response from organizations than what we've seen in the past," she said.

Hayward says companies need to ensure they're downloading security patches and keeping their security systems up to date.

Albertans can also do things to help protect their information.

1234 is not a good password

She suggests greater scrutiny of passwords is a simple thing anyone can do.

That includes picking a complex password that includes numbers and punctuation, rather than "1234" or the word "password" itself.

Hayward suggests passwords be changed frequently and that you don't use the same password across a number of apps or programs.

That way, if someone does obtain your information, they can't use one password to access all of your accounts.

Given that privacy breaches are becoming a more common occurrence, Hayward also suggests taking action when you hear your data has been compromised.

"If you've been notified that you are actually affected by a breach, it's really important to go onto that site and change your password as quickly as possible."

Those aren't bad ideas, said technology guru Tom Keenan.

Reduce digital footprint

The professor of environmental design and computer science at the University of Calgary said people should also try to minimize their digital footprint.

He advocates people be what he calls 'info stingy.'

Calgary cybersecurity expert Tom Keenan, a fellow of the Canadian Defence and Foreign Affairs Institute, says the Superfish software that came preloaded on Lenovo laptops could give hackers the ability to redirect web traffic from legitimate sites to spoof websites. (CBC)

"An example would be don't give out your date of birth unless it's legally required. Make up another date of birth," said Keenan.

"You don't really have to tell the truth except to the government and to financial institutions."

Both OIPC and Keenan say your vulnerability to having your email address or credit card information stolen is only increasing as more and more information is going online.

Keenan said the reason it seems like a bigger problem in Alberta is that, since 2010, the province has required organizations to report privacy breaches to the government's privacy watchdog.

"Alberta is in the lead. Alberta was the first jurisdiction in Canada to have mandatory breach reporting," he said.

For that reason, the number of breaches reported each year by OIPC is only expected to increase in coming years.