It’s a bold new world with digital compliance being a necessary form of protection for businesses worldwide.
Why compliance and why now?
Mark Zuckerberg, founder of Facebook, spoke before the U.S. Senate in April. This highly publicized event ensured that “cybersecurity” became a household name (if it wasn’t before).
Get ready for a slew of new regulations and policy requirements to keep track of (literally, see below), as well as new rules for social media pages and websites you like to visit.
Summary
When do new regulations come into effect?
November 1st, 2018.Who will enforce these new regulations?
The Office of the Privacy Commissioner of Canada (The OPC).What’s changed…?
New security requirements for businesses on how they handle their data; new rights and restrictions around access to personal information; new fines established for non-compliance; organizations who don’t have a tracking mechanism for their security breaches will need to acquire a program to put in place; proactive reporting to the Privacy Commissioner under certain scenarios.Does this effect my business?
Indeed. Every business in Canada will need to review their business procedures to be able to establish and provide proof that they have taken (and continue to take) steps to remain secure and compliant.
Much like the E.U.’s “GDPR“, these new regulations will impact every business in the country.
The Business Impact
“…this requires (Canadian) organizations to revise internal privacy policies and procedures to ensure compliance with these significant legislative
changes.”
Lisa Lifshitz,
Partner @ Torkin | Manes
Businesses are required to ensure their networks are protected beyond a standard firewall. Security layers must be part of your security business process, as well having an assigned, inhouse, security officer who will be the main point of contact in maintaining compliance.
The main concern, however, will be the new legislation asking all businesses to track (and report when necessary) all successful breach attempts. The definition of a “successful breach attempt”, according to the government today, is broad and business owners need to consider if the risk of being fined for non-compliance are better than having a monthly, managed system of compliance in place.
The fines, by the way? Could be up to $100,000 per incident (an “incident” being a single individual’s information being potentially compromised) and that could include multiple instances in a single breach, bringing the tally to a potential 7 digits!
Additionally, a businesses’ reputation would be at stake were they to not comply with the regulations. It is not out of the question to consider the OPC to make examples of random businesses for the first few years, impacting them financially, lowering the company reputation, and establishing themselves as a business that does not perform their due diligence. This would be a revenue and HR disaster for any business.
How Does This Stuff Impact Me Personally?
Your rights as a digital user are in the spotlight, protecting individuals, businesses and other organizations from data breaches. This will help you decide which companies to do business with, purchase from online and trust overall. Think of it as visiting a website today who’s URL has a big, red, “Not Secure” next to their www address. Would you stay on that website, or enter your credit card information?
In Canada, you can currently have online information about yourself updated and corrected, but not removed (at the time of this writing). You can also find out what websites, apps and social media have under your name, how they got it, and what they do with it. In Canada, this has already been established as “de-indexing” and “source takedown”, which you can review online.
Related Article:
Are You Accidentally Revealing Your Identity Over Social Media?