Risks of Non-compliance

We’ve talked about PIPEDA – when it applies and when it doesn’t – and we’ve looked at the 10 principles of PIPEDA and how to comply with them.

Now, we’re going to look at some of the potential fall-out from NOT having a strong Privacy Management Program and a “culture” of privacy.

The unauthorized disclosure of personal information such as phone numbers or addresses can put individuals in harm’s way from abusive ex-partners, stalkers, etc. They could experience psychological harm through humiliation, or there could be stigmatization. The economic impacts could include an increased risk of identity theft and the resulting implications for credit, etc.

Here is a short list of some of the risks of carelessness:

  • Harm to customers (physical, psychological, or economic)
  • Reputational risk to individuals at the organization
  • Reputational risk to the organization
  • Harm to business relationships
  • Loss of market share
  • Cost to defend lawsuits by victims
  • Unexpected costs to remedy or defend a privacy breach
  • Financial penalties and legal risks to corporations and officers

Studies have shown that consumers will alter their purchasing behavior if they no longer trust an organization to manage their personal information appropriately. Studies in 2006 showed that data loss can translate to an 8% loss of customers with corresponding reduction in revenues. Think about that. How long would it take for your organization to replace those lost customers and their premium dollars?

Your company may also face an OPC audit of its personal information management practices, and may be required to:

  • Correct deficient practices;
  • Publish notice of corrective actions taken or to be taken;
  • Pay damages, including damages for humiliation; and
  • Face litigation from aggrieved party(ies).