Personal security is on everyone’s minds these days and rightly so. From the data leaks of Ashley Madison to the loss of personal health information in Alberta, breaches in private information are becoming a serious issue.

Incidents of identity theft across Canada have nearly tripled in the last five years. In turn, identity fraud has grown by 42 per cent between 2010 and 2014, according to data from Statistics Canada.

“There’s no way you can stop identity theft from external sources a hundred percent, but at least you can actually watch for it, and if it happens, with the best of safeguards, then you can put a stop to it right away,” said Norm Archer, professor at McMaster University. “A lot of companies just don’t do that.”

Archer is an expert in identity theft and fraud in the digital age. He said that the biggest issue to date is that people still have not learned the importance of protecting and encrypting their data.

“The sophistication is increasing almost daily and not enough people pay attention to it,” said Archer.

The most common form of fraud is called “existing account fraud”, according to Archer. This is what happens when somebody steals your credit card information and goes on a shopping spree.

“We knew that if identity theft became a serious situation then people would not be able to use the internet for commerce. And in fact, that is a deterrent to a lot of people,” said Archer. “They simply do not want to buy anything over the internet because they’ve heard stories about people who lose their identities.”

Such was the case with Larisa Romanovsky, a local Ottawa woman who had her visa information stolen despite taking all the usual precautions.

“I saw my statement online and found some suspicious transactions that I didn’t make,” said Romanovsky. “Someone was trying to buy something online using my card. I have never made online transactions.”

She immediately called her visa service with the bank of CIBC and they transferred her to the fraud department.

“They right away opened a case and started an investigation. They asked me what the last transaction that I made was. All the ones after it were fraud,” said Romanovsky.

She never did find out how the breach occurred but fortunately her problems were easily resolved. After a couple weeks of investigation the bank reversed the payments and issued her a new visa.

Archer said that the worst cases he has heard of people took out entire mortgages using stolen information.

“When you put your trust in these organizations, you assume that they know what they’re doing and that they will keep your data safe,” said Archer. “Unfortunately, too often, that turns out to be a not accurate supposition of what’s happening.”

According to Archer, about half of identity theft is by internal sources.

He said that companies should take steps to vet their employees and raise awareness among their employees about simple measure such as regularly changing their passwords and locking their computers.

He pointed to the hospital database system in Ontario as a good example of information security. When a nurse or a physician accesses a patient’s account, the information is logged into the database.

“When there are these big scandals, like Rob Ford when he was in the hospital, there were a number of people accessing his account and the hospital knew immediately who they were because they kept track of that,” said Archer.

The resulting class action lawsuits that often result in breaches of personal data can cost organizations millions of dollars. These problems could be minimized if companies took better care of their data, said Archer.

“It’s quite flabbergasting to find out that these things continue to happen even after all the lessons that we’ve been taught over the years,” said Archer.