Cyber Security Newsletter - January 2024: Data Privacy Week at Laurier

January 21-27, 2024 is Data Privacy Week in Canada and in over 50 countries around the world. This occasion is intended to promote online privacy and best practices for protecting your personal information

How is personal information at Laurier managed?

Personal information at Laurier is treated in accordance with provincial legislation such as the Freedom of Information and Protection of Privacy Act (FIPPA) and the Personal Health Information Privacy Act (PHIPA), as well as Laurier’s own privacy policies. These policies help define what constitutes personal information and provide guidance on how it should be protected by the institutions that collect, use, and store it such as Laurier.

Laurier’s Privacy Office provides training and resources to help members of the Laurier community protect personal information, and maintains an excellent set of informational resources on Laurier’s website.

What is a privacy breach?

A privacy breach is any event that results in the loss or unintended disclosure of personal information.

Beyond commonly understood examples of personal information such as Social Insurance Numbers, banking information, and medical records, privacy breaches can also extend into biometric data such as stored fingerprints (which are often used for multi-factor authentication) or even genetic data. For example, the genetic testing website 23andMe recently experienced a breach in 2023 that enabled hackers to steal genetic and ancestry data of nearly 6.9 million of its customers by targeting users who re-used passwords from other sites.

How do privacy breaches occur?

Breaches can commonly occur as the result of cyberattacks such as phishing. Errors and unsafe handling practices can also lead to a breach, for instance, paper or digital media containing personal information being improperly stored, shared, or disposed of.

What are the consequences of privacy breaches?

The cost of privacy breaches is immense – Canada paid the third-highest cost in the world per breach last year ($7 million). Privacy breaches can lead to identity theft and fraud against the people whose data is breached, as well as a loss of trust in the institution managing the breached data.

How do I protect myself?

Though the person whose private information is affected may not have made any errors to cause the breach, there are still several ways to help protect your privacy. Many general cybersecurity best practices can lessen the likelihood of a privacy breach.

• Share private information only when absolutely necessary. This will help limit the amount of data disclosed in the event of a breach.
• If your job requires you to work with personal information, ensure you are properly trained and educated on relevant privacy laws and safe handling of this information.
• Use strong passwords, multi-factor authentication, and anti-malware solutions to protect your accounts and devices.
• Beware of phishing attempts and report any incidents where you feel personal information may be breached.