Data Breach Compliance Program
Privacy breaches must be reported. ActiveCo can help.
Privacy breaches must now be reported. So what is a privacy breach? Breaches can include, but are not limited to: a successful hack or infiltration of your network, accidental cross-department access to information, employee snooping or data theft, a software virus that gives access to information, loss of hard copies or soft copies, and communication of sensitive information without a process to ensure privacy.
How do you develop organisational procedures to meet compliance requirements? To meet Canadian PIPEDA compliance requirements (and GDPR), your company will need policies, proof and procedures in place. How do we help you meet compliance? Read on for our process, which goes above and beyond what The Office of the Privacy Commissioner requires, to ensure your business is in constant pursuit of compliance.
A Strong Compliance Partner
- End user training to “nurture a culture of compliance” as required
- Empower employees to confidently use data safely
- Drastically reduce the possibility of end user initiated breach, the most common form of breach
- Identify employee interactions with data
- Determine the risks to data in transport and at rest
- Establish the right risk level for your company’s complexity
- Regular threat assessments and audit preparation
- SIEM logs required for post data breach reporting
- Ongoing post-incident evaluation and optimization
- Available Dark Web monitoring for your account credentials
- Consultation and selection of compliance reporting software
- Demonstration of “reasonable efforts” to protect employees’ and customers’ private data
- Consult and build automated steps to proactively reduce breach threats
Policies & Procedures
- Consultation and selection of policies and procedures to aid in compliance
- Establish documented evidence controls
- Design and provide initial post-breach report as per government requirements
Helping You Work Towards Compliance
Not sure where your company currently stands? That’s fine. This stand-alone project can lead into the compliance programs or just give you a baseline for your current readiness. It is billed as a time and materials project. A comprehensive review shows your security weak spots:
- Understand exactly how to get started
- Prioritize any changes needed
- Learn where there are security gaps
Compliance Readiness Program
7 Program Deliverables:
- Monthly technical breach reviews
- Ongoing compliance monitoring and proof documentation
- Quarterly mini-assessment checks
- Unlimited initial breach report generation
- Policy and procedure templates and guidance
- Recommendations for the right security tools
- Annual compliance status report
The premium Managed Compliance Support Services (MCSS) program is subscription based with a monthly fee and a minimum commitment.
Frequently Asked Questions!
How long does the assessment take to perform?
The typical process takes 2-3 weeks, as this is an important in-depth review of company policies, procedures and even company culture. That time frame may be impacted by the complexity of your systems and the availability of your company’s assigned point of contact throughout the process.
Are Managed Compliance Support Services (MCSS) part of your standard managed services?
Although this is a government-mandated program, we currently allow our ongoing managed services clients to choose whether or not they participate in the data and privacy breach assessments and programs. Therefore, it is not currently bundled into our standard agreements. If you are an existing client, please contact your account manager (vCIO) if you would like to receive more information or enroll your company.
Can ActiveCo submit reports on my company's behalf?
The Office of the Privacy Commissioner of Canada, the office responsible for receiving reports and investigating breaches, only accepts reports directly from the company itself. ActiveCo can help you prepare your data breach reports, but you must review, sign and submit them directly.
How far will I be through the process at the end of the initial 12 months?
Customization of your unique policies and procedures may still be happening in some cases at the 12 month mark, as well as adopting them into your company culture. Compliance is more than just having the documentation; the regulations also require companies to “nurture a culture of compliance”, which includes employee training, regular network monitoring and support for any employees or departments who may need help adapting to the changes.
What is included in the ongoing service after the initial 12 months?
Reaching and maintaining compliance is an ongoing process. ActiveCo’s ongoing monthly subscription continues monitoring your environment and your data breach systems, and helps keep documentation up-to-date as regulations change (and they will). Your business will benefit from support through any required investigation and preparation of your data breach reports (in any instance of a successful breach). Most business owners go with regular monthly service to receive consistent, reliable service rather than finding a way to incorporate compliance into their employees’ already busy schedules.
My company cannot afford to pay penalties to the government. Wouldn’t it be better to just keep any breaches quiet?
Existing legislation shows that penalties will be issued when companies fail to report breaches, not because of the breach itself. This is an important distinction. Business owners that can show that they are working towards compliance, and making reasonable efforts to mitigate privacy issues, will have a better time avoiding fines.
What if the cost of compliance is beyond what my company can afford?
ActiveCo is here to work with you to find the best solutions within a reasonable budget for your business. We have several tools that we can suggest, depending on your situation, and can help design systems that reduce the risk of privacy breaches. What most businesses cannot truly afford is the potential cost of a breach. Please reach out for a conversation for more details on how we could help your unique company, no obligation.
Why Choose ActiveCo?
ActiveCo is a BC-based Managed IT Services company offering a full slate of technology support and consulting. With strategic planning that focuses on maximizing performance, boosting productivity and growing your business, you’ll never look at IT the same way again.