
Is your clients' personal data protected?

If you’re a business owner, it’s your job to keep sensitive personal information about customers, clients and employees safe.

Facebook, eBay, Equifax, Uber and Adobe are just a few of the major companies that have suffered a data breach in the past decade, but small to medium-sized businesses—and their users’ data—are just as vulnerable.

In the past two years, nearly one in five (18%) Canadian SMBs have been impacted by a breach, exposing sensitive user data like names, contact and address information, birthdates, and credit card and social insurance numbers. Businesses with 100 to 499 employees are more than twice as likely to be affected, with 42% having reported a breach. 

Whatever type of business you own—whether you make goods, buy and sell products, or provide services to consumers or other businesses—you’re likely storing personal information about your customers, clients and employees online. Are you doing everything you can to protect their data?

User data is your responsibility

Many SMBs assume that they’re too small to be a target when, in fact, they are prime candidates for an attack. Experts say that businesses, even small ones, should plan for when, not if, they are hacked. If you collect and store user data, you have a moral and legal responsibility to protect it.

Securing user data is good for business

A data breach could lead to devastating outcomes for your business, so insurance against cybercrime is essential.

It can be expensive to recover from a hack. If user data is leaked, you’ll have to cover the cost of notifying the affected customers, and you could suffer a drop in income if regular business operations are interrupted. If these customers file a lawsuit seeking damages, you’ll also incur litigation costs.

What’s more, data breaches can tarnish your reputation, which can lead to the loss of current customers and dissuade potential customers from engaging with you. 

The worst possible outcome of a data breach or a cyber attack? Your business may never bounce back. In fact, 60% of small businesses fail within six months of a data breach.

Privacy laws protect you and your customers

Businesses that don’t follow regulations regarding user data may also face expensive fines. To protect your business and your user data, you should be familiar with the best practices for responding to a data breach, as well as for collecting and protecting personal information.

In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) applies to all Canadian businesses that transfer sensitive customer information across a provincial border or outside the country. The regulation outlines 10 fair information principles. Some of the key takeaways are that businesses must obtain their clients’ consent before using information, they can only use data for the reason it was collected, and they must take measures to safeguard the information they collect. 

Private sector organizations that operate solely in Alberta, British Columbia or Quebec are subject to equivalent provincial laws instead of PIPEDA. 

Since November 1, 2018, it has also been mandatory for businesses to report breaches to the Office of the Privacy Commissioner and notify affected users. Businesses that don’t comply with PIPEDA may face fines of up to $100,000.

You should also be aware of the European Union General Data Protection Regulation (GDPR), as it applies to your business if you have clients that are citizens of the EU. This regulation stipulates that users have the right to access their own information, the right to be forgotten (erasure), and the right to be notified if there is a breach of their privacy.

What can you do to protect user data?

As a business owner, you should learn how to protect your business from cybercrime and closely guard user data.

  • For many SMBs, it’s a good idea to outsource specific tasks to companies that already have excellent data protection measures in place. Outsourcing can save you time, money, and the headache of worrying about data breaches.

    • Work with a cloud storage company instead of paying to maintain a physical server.

    • Use a trusted third-party payment processor like PayPal instead of collecting credit card information on your website.

    • Set up one-click login with Google or Facebook instead of designing a custom login. 

  • SMBs should also be wary of amassing too much data because they could become more desirable targets for cybercriminals. Collect only the data that you really need and delete any information you don’t use.

  • It’s also wise to purchase insurance that covers cybercrime. Policies vary, but insurance can alleviate a huge financial burden if your business falls victim to a breach. Privacy breach coverage includes tech support and expert assistance that will help you prevent and, if necessary, recover from a breach. 

Questions about what kind of insurance you should have for your business? Contact a broker to learn what policy offers the best coverage for your company.
