Companies Must Safeguard Customer Information from Identity Theft

Canadian businesses need to reassure customers they are doing enough to protect their personal information at a time when there is growing public concern about identity theft, according to the latest survey conducted by Chartered Professional Accountants of Canada (CPA Canada). Almost three quarters (73 per cent) of survey respondents say they were targeted by scams in the past and 67 per cent are concerned about identity theft.¹ Cybercriminals are hurting the bank accounts of Canadians, many who were already left financially unstable because of the COVID-19 pandemic. So far this year, $144 million was lost to fraud compared to $106 million in 2020.² Despite the massive money loss, Canadians are stepping up efforts to fend off cyberattacks. More than half (62 per cent) of those surveyed are doing more to protect themselves against fraud than they were five years ago.³

Doretta Thompson, CPA Canada’s Financial Literacy Leader, says cybercriminals are always looking for ways to appear legitimate and circumvent security measures to take advantage of Canadians. “With our lives increasingly being lived online due to COVID-19’s new world, it’s more important than ever for Canadians to be diligent, on alert and safeguarding their private information.”

Here are some steps you can take to protect yourself against fraud and identity theft:⁴

• Be careful when shopping, banking, on sharing personal information online.
• Strengthen and protect your passwords.
• Don’t answer a call or respond to a text message if you don’t recognize the number.
• Monitor your banking transactions.

Identity theft doesn’t just affect individuals, but organizations as well. Here are some ways to protect your business against identity fraud:⁵

• Rely on encryption to protect personally identifiable information.
• Keep up to date with encryption technology since it’s constantly evolving, and scammers are looking for new ways to get around it.
• Educate employees on how to use encryption technology and to be on alert for any attempts of identity theft.
• Ensure your company has the latest anti-virus and anti-spyware protection.
• Install a firewall to make sure your network is protected.
• Keep software and browsers up to date with security patches.

Most Canadian businesses must comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). Innovation, Science and Economic Development Canada says having a sound privacy policy helps companies build stronger relationships with clients and employees, and offers the following tips to understand PIPEDA obligations:⁶

• Protect employee records: PIPEDA applies to your employee records if you are engaged in interprovincial and international transactions or conduct business within federally regulated sectors. Provincial privacy legislation may also apply.
• Processing personal data across borders: If you plan to transfer personal information to an organization in a foreign country for processing, you must take concrete steps to protect it.
• Customer ID: If you ask for a customer’s identification, you should know what information you can and cannot copy off a driver's licence.
• Determine the appropriate form of consent under PIPEDA: Find out how to get permission to collect, use or disclose someone's personal information depending on how sensitive it is and how it will be used.
• Privacy quiz: Take a quiz to better understand the privacy regulations that affect your business.
• Privacy toolkit: Get detailed information on the rules for the management of personal information in the private sector.
• The EU’s General Data Protection Regulation: If you handle the personal data of EU residents while exporting goods or services to them, these regulations may apply to you.

HSBC also advises you never disclose security details when receiving unsolicited calls, text messages, or emails. If you receive an unsolicited call from HCBC, for example, ask for the caller's contact details then call your HSBC Relationship/Account Manager to validate before calling back. For information about how HSBC protects our customers, visit HSBC Safeguard.

© Copyright HSBC Bank Canada 2021. All rights reserved. No part of this document may be reproduced, stored, distributed or transmitted in any form without the prior written permission of HSBC Bank Canada.

The information presented is not meant to be comprehensive and does not constitute financial, legal, tax or other professional advice. You should not act upon the information contained in this document without first obtaining specific professional advice. While reasonable care has been taken in preparing this document, HSBC does not make any guarantee, representation or warranty (express or implied) as to its accuracy or completeness. The information presented in this document is subject to change without notice.

Certain of the products and services offered by HSBC and its subsidiaries and affiliates are subject to credit adjudication and approval. This document does not constitute an offer to provide the services and products described and the provision of such services and products remains subject to contract.

“HSBC” is a trademark of HSBC Holdings plc and has been licensed for use by HSBC and its affiliates.