On November 1st, 2018, the Breach of Security Safeguards Regulations come into effect for Canadian organizations from coast to coast. At least, for those who have personal data, commercial transactions or customers across Canada. Is that most of you? Thought so!

ActiveCo has worked directly with the Innovation, Science and Economic Development Office of Canada (the writers of the incoming legislation) throughout our entire compliance preparation process, and we have tailor-made software to streamline navigating the new requirements.

Quick Fact Check: only 4 in 10 Canadian organizations have a post-breach plan in place.

To ensure business owners know where to begin, ActiveCo encourages you to reach out to have your Security Posture Assessment completed as soon as possible. This helps establish the framework for pursuing compliance, giving you specific guidance on how to meet the requirements.

When ActiveCo first heard rumblings of the November 2018 deadline and became entrenched in learning the legislation on behalf of our clients, we often came up against the same questions and assumptions many others have. We have already spent well over 500 hours working on this process for our clients, so we have posted a quick FAQ on some questions we have spot-checked on your behalf. Enjoy!

Fiction: There will be a grace period.
Fact: the grace period actually started back in 2015 and ends on November 1st, 2018. When the government introduced us all to the Digital Privacy Act, their expectation was that organizations would begin taking steps towards compliance. Most did not. If you are still reading, you probably did not.

Fiction: “We budget for fines”.
Fact: Not this kind of fine. Infractions could cost up to $100k per record. That means if one record of personal data (that means any personal information that is not Name, Title, Business Contact Info) is breached, that one record is $100k. Hackers rarely work as hard as they do to obtain one, single record. Therefore, multiply 100 by however much data you have and there’s your magic number.

Fiction: We have security, anti-virus, we’re all good.
Fact: The security safeguards required to be in place for the new legislation are far above and beyond what many businesses are used to. Simply having a firewall will not cut it (actually, it didn’t cut it before the legislation, so, maybe you should call ActiveCo..?). If your organization is ever found to have not taken steps to have appropriate security put onto your business networks, you may be subject to these very fines, regardless of whether or not a breach ever happened.

Fiction: We don’t collect information, so there is nothing at risk
Fact: Every business has information on individuals beyond their Name, Title, Business Contact Info. That “personal information” includes home addresses, birthdays, pictures posted online and way more.

Fiction: We’re too small to bother
Fact: No organization is too small to bother. So long as you have personal data (described above) and perform commercial transactions within Canada, you will want to take steps to pursue compliance prior to November 1, 2018.

Fiction: We’ve never been hacked (…and we never will be hacked!)
Fact: The opposite of that statement. Odds are good that a breach of some kind has occurred, be it an email that was clicked on, or someone in Department A knowing information from Department B that they shouldn’t be privy to. The base expectation of the new compliance legislation is that organizations must have proper security safeguards in place and must consistently monitor all breach attempts.

The incoming regulations will be impactful for the rest of our lives, requiring organizations everywhere to take a new, hard look at how they transact business and treat their data. Other organizations will want to ensure they are working exclusively with those who also took the time and energy to pursue compliance. Job-seekers will want to work with companies that respect and protect their personal information. Governments will continue to spot-check to ensure organizations are providing those environments for their clients, prospects and employees.

