Canadian Government Executive - Volume 22 - Issue 7

Previous Page

Next Page

Page Background

28

/ Canadian Government Executive

// September 2016

Special Report

R

ecently, the University of

Calgary was forced to pay

$20,000 to cyber criminals.

The ransom was paid because

a potential attack would have resulted in

the loss of years of research and data—

as well as information that belonged to

staff and faculty. This wasn’t an isolated

incident; in fact, in a 12-month period

ending in March 2015, the federal gov-

ernment suffered a record-high 256

data breaches. That was higher than in

the same period the year before—which

itself was double the number reported a

year earlier.

Most of these breaches were due to

accidental disclosure; but whether ac-

cidental or the result of a cyber attack,

the result was the same: privacy was in-

vaded.

And when it comes to protecting per-

sonal information, Canada’s public sec-

tor must tread carefully. Whereas the

private sector can turn to the Personal

Information Protection and Electronic

Documents Act (PIPEDA) for guidance,

the public sector is subject to a variety

of federal and provincial laws, depend-

ing on location and responsibility. Gen-

erally, public sector privacy laws relate

to an individual’s right to access their

own information and how the public

sector collects, uses and discloses that

information in the course of providing

services. The very nature of an elected

government and public trust in its insti-

tutions means it faces a higher level of

accountability around cyber security

and protecting citizens’ private informa-

tion than the private sector.

Recognizing the evolution of how per-

sonal information is collected and the

higher level of concern about privacy

in our society, the federal government

adopted The Digital Privacy Act in June

2015 and amended PIPEDA. To remain in

compliance, it is imperative public sector

institutions stay abreast of the develop-

ments and actively incorporate them in

their cyber security policies and pro-

grams.

The act, while not fully in force yet,

makes it mandatory for organizations to

disclose a breach of privacy to both af-

Challenging the Myth

of Cyber Security

Your organization will be cyberattacked and often.

But there are steps the public sector can take

to reduce breaches and their impact.