Each year we celebrate Data Privacy Day on Jan. 28 to recognize how the advancement of technology impacts our privacy rights and to highlight the value of protecting our personal information. As a joint effort between the Freedom of Information and Protection of Privacy and Information Security teams, we promote privacy-related best practices, insights and updates, including this list of notable data privacy topics and news stories from the past year.
General Data Protection Regulation
As of May 25, 2018, General Data Protection Regulation (GDPR) came into effect to help align data protection protocols and increase levels of protection for European Union citizens. This list of regulations for handling consumer data turned out to be a leading concern in 2019, as public and private sectors around the world considered the implications and new requirements and the European Commission issued more frequent and larger fines for non-compliance.
GDPR sets out to follow seven key principles, which include lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality and accountability. Individuals and companies are expected to follow these principles when creating a data protection practice or could face fines up to four per cent of their annual turnover.
Ransomware on the rise
There was an increase in ransomware attacks around the world in 2019, with municipalities and health care organizations being the most commonly targeted.
Among the many cases throughout 2019, three Ontario hospitals were hit with a malware called Ryuk, which collects enough data to know how the organizations operate and its ability to pay ransom. Ryuk is invisible to the average user but attacks computer networks, collecting information over time. Luckily for these hospitals, the malware was discovered by a firewall before any of the data escaped and no money had to be paid to retrieve files.
Big news stories:
Ransom paid to retrieve LifeLabs data after breach
LifeLabs performs more than 115 million laboratory tests per year — from standard lab testing to genetic and naturopathic testing. In December 2019, LifeLabs revealed a data breach that affects millions of Canadians who use their services. Mainly impacting those living in Ontario and B.C., the potentially accessed information included health card numbers, logins, passwords, email addresses and more.
LifeLabs paid ransom to retrieve the data, notified the privacy commissioners and government partners and are taking steps to strengthen cyber defenses. Customers are advised to change their passwords as a step toward ensuring protection moving forward.
Politics and privacy
In late 2018, Canada’s parliament enacted Bill C-76, the Elections Modernization Act, which requires political parties to develop and publish privacy policies that help protect personal information. However, because these policies require prescribed content but not adherence to obey international privacy standards, many questions have been raised.
Governments urged to adapt privacy laws
In November 2019, the federal government released a statement addressing their commitment to modernize Canada’s privacy legislation. This resolution calls for:
- a legislative framework to ensure the responsible development and use of artificial intelligence and machine learning technologies,
- all public and private sector entities engaged in handling personal information to be subject to privacy laws,
- Enforcement powers, such as legislating order-making powers and the power to impose penalties, fines or sanctions,
- the right of access should apply to all information held by public entities, regardless of format