Compliance regulations are in effect as of November 1st, 2018 for Canadian organizations. The impetus of the legislation is understanding how personal data must be dealt with during commercial transactions. The impact of the legislation will be far reaching and long lasting. This legislation has not been thoroughly communicated through the government channels to Canadian organizations, ActiveCo spent literally hundreds of hours to learn the guidelines inside and out. Our clients expect this consulting from us and we feel it must be communicated forward.
A starting point begins with asking:
- What is the intended impact of using data?
- How severe is that impact? How likely is it to occur?
- Who holds the risk?
In pursuing this analysis it is also important to differentiate between threats in the stewardship of data and the associated benefits or harms they could create. This provides a way to organize threats (i.e. security breaches, loss of confidentiality, inappropriate usage or inappropriate access) and classes of harms. Some harms are tangible (loss of life, freedom of movement, property theft and physical injury) and some are intangible (such as restrictions on personal expression, social anxieties, emotional distress and reputational damages). The scale of the potential impact and who holds the risk also need to be addressed.
Is the anticipated impact intended for a particular individual, a community or is it societal?
Many business owners, CIO’s, CFO’s and other executive team members who’s lap this has fallen into have all inquired: “Do we have to do this compliance thing?” and the answer, is “yes”.
Therefore, Canadian organizations have 3 options when it comes to dealing with compliance legislation:
#1 Ignore it
Let’s get this one out of the way. We do not recommend this option. What may happen should you completely ignore or dismiss the legislation?
Upon any investigation, your organization will be immediately filed as uncompliant. The strictest penalties will be handed to your organization by default and fines could be as high as $100k per breached record. Please do your best to not take this option.
Should you still want to consider ignoring the legislation, we would highly recommend talking with a/your lawyer to ensure your organization is prepared for any potential legal ramifications.
#2 Do Your Assessment (at least)
The longest journeys begin with a single step. In this case, that step is having a “Security Posture Assessment” to work from. ActiveCo’s custom software will produce a document that shows you specifically what is needed, and what steps to take to pursue compliance.
#3 Hire a Consultant (like, say…us!)
ActiveCo’s “Managed Compliance” services help keep organizations on track for their compliance needs. The benefit is a clear, step-by-step process presented and enacted with the help of your dedicated consultant. In any event of investigation from the Office of the Privacy Commissioner, ActiveCo helps you through the government process from beginning to end.
The regulations will impact every organization and every employee across Canada,. Those employees look to ownership to ensure their workplace is in line with government regulations and that there is protection in place for them. If you still feel on the fence regarding these mandatory regulations, please give ActiveCo a call to discuss.