M. Imtiaz Karamat is an IP Osgoode Alumnus and Associate Lawyer at Deeth Williams Wall LLP. This article was originally posted on E-TIPS™ For Deeth Williams Wall LLP on August 24, 2022.
On August 11, 2022, the Office of the Privacy Commissioner of Canada (OPC) published a report on its survey of Canadian businesses regarding privacy related-issues (the Survey). This is the first survey of businesses published by the OPC since the beginning of the COVID-19 global pandemic – allowing for comparisons to be made with the pre-pandemic landscape.
The OPC commissions a survey every two years with the last survey conducted in 2019. The Survey findings are used by the OPC to provide privacy guidance to the public and improve outreach efforts with businesses. The Survey was conducted over telephone between January 12 – February 18, 2022 and involved representatives from 751 companies across Canada.
The Survey highlights several key findings on how Canadian businesses currently view privacy compliance. For example, the Survey found that businesses are well aware of their responsibilities under privacy laws with 86% of survey respondents indicating that their company is at least moderately aware of their privacy-related responsibilities, and 74% stating that their company has taken steps to ensure compliance with Canada’s privacy laws. The remaining key findings compared the privacy practices of companies in 2022 with their pre-pandemic counterparts:
- Privacy Policy: Although the Survey found that 59% of companies have a privacy policy in place, this is less than in 2019 when 65% of surveyed companies reported having such a policy.
- Privacy Practices: A large portion of surveyed businesses have implemented key privacy practices, such as designating a privacy officer (57%), developing internal privacy policies (51%), and having procedures in place for responding to customer requests for access to their personal information (51%). However, more businesses reported having implemented these measures before the pandemic with 62% having privacy officers, 55% having internal polices, and 60% having procedures for customer access requests in 2019.
- Data Breaches: The Survey found that 28% of businesses are concerned with potential data breaches, which is a drop in response from 37% in 2019.
In interpreting the results, it is noted that the context of the business landscape during the data collection process may have affected the findings. The Survey was conducted at the height of the fifth wave of the pandemic after almost two years of pandemic-related restrictions. Businesses’ preoccupation with pandemic-related issues may have meant that “privacy responsibilities might not be top-of-mind” for those surveyed, who may have had a limited recall of their businesses’ privacy practices or not prioritized privacy as high amidst sweeping pandemic-related operational changes. This may have explained the reported decline in compliance between the years.