Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
Canada: OPC publish key takeaways from investigations into GCKey and CRA cyber breach
On March 28, 2024, the Office of the Privacy Commissioner (OPC) published its Privacy Act Bulletin, with key takeaways from its investigations into the 2020 Employment and Social Development Canada's GCKey authentication service and Canada Revenue Agency (CRA) sign-in portal cyber breach.
The OPC provided the following key takeaways after having looked at how attackers were able to infiltrate online services to access and modify individual accounts:
- ensure that privacy risks are thoroughly assessed and addressed for programs and services, especially when involving sensitive personal information;
- consider risks from malicious modification or submission of false personal information;
- determine the level of identity assurance that is needed and ensure that employees know how to assess it;
- conduct regular security assessments;
- monitor to detect potential breaches early;
- be prepared to take immediate corrective actions; and
- build strong structures to avoid silos in information sharing and decision-making.
You can read the Privacy Act Bulletin here.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
