Are You Ready?
We can help.
Privacy breaches must now be reported.
What is a Privacy Breach?
Breaches can include, but are not limited to:
- Network hacks
- Accidental physical display of information
- Employee snooping
- Software viruses that give access to information
- Loss or display of hard copies or files
- Faxing sensitive information without a process to ensure privacy
Want to Talk?
We are ready to help companies prepare for the new regulations. Don’t get caught unprepared.
- End user training to “nurture a culture of compliance” as required
- Empower employees to confidently use data safely
- Drastically reduces the possibility of end user initiated breach, the most common form of breach
- Identify employee interactions with data
- Determine risks to data in transport and at rest
- Establish right risk level for company’s complexity
- Regular threat assessments and audit preparation
- SEIM logs required for post data breach reporting
- Ongoing post-incident evaluation and optimization
- Available Dark Web monitoring for your account credentials
- Consultation and selection of compliance reporting software
- Demonstration of “reasonable efforts” to protect employee and customer private data
- Consult and build automated steps to proactively reduce breach threats
Policies & Procedures
- Consultation and selection of policies and procedures to aid in compliance
- Establish documented evidence controls
- Design and provide initial post-breach report for government requirements
Not Sure Where Your Company Currently Stands?
A comprehensive review shows your security weak spots
- Know exactly where to start
- Learn where your quick fixes are
- Understand your technology gaps
A stand-alone project that can lead into the compliance programs or just give you a baseline for your current readiness. Billed as a time and materials project. Call your vCIO for more information
7 Program Deliverables
- Monthly technical breach reviews
- Ongoing compliance monitoring and proof documentation
- Quarterly mini-assessment checks
- Unlimited initial breach report generation
- Policy and procedure templates and guidance
- Recommendations for the right security tools
- Annual compliance status report
Program is subscription based with a monthly fee and a minimum commitment.
1. Why is the Initial Audit not a part of the 12-Month Readiness program?
How long it takes to complete the Initial Audit is dependent on how complex your systems are and how long it takes to go through them all. As well, some companies may have in-house expertise to manage their compliance monitoring and just want the initial assessment completed by a third-party consultant
2. If I am a managed services client am I automatically enrolled in the program?
No. Our managed services clients all have the choice whether or not they participate in the Data and Privacy Breach assessments and programs. Please contact your vCIO if you would like to receive more information or enroll your company
3. I want ActiveCo to handle everything, including submitting my report. Why is that not an option?
The Office of the Privacy Commissioner of Canada, the office responsible for receiving reports and investigating breaches, only accepts reports from the company itself. ActiveCo can prepare your data breach reports on your behalf, but you must review, sign, and submit them
4. How far will I be through the process at the end of the initial 12-Month Readiness program?
This depends on how much time you have to review and customize the policy and procedure templates to make them documents that your company can confidently adopt and follow. Compliance is more than just having the documentation. The regulations also require companies to “nurture a culture of compliance” and this can include employee training, regular monitoring, and support for employees when they encounter a tricky situation
5. Why might I want to continue the program after the initial 12-months?
Compliance is going to be an ongoing process. ActiveCo can continue to monitor your data breach systems, help you update your documentation as the regulations change or require further details, and – of course – prepare your data breach reports as they are required. Many companies will prefer to continue with a regular monthly fee to receive consistent, reliable service rather than finding a way to incorporate compliance into their employees’ already busy schedules
6. My company cannot afford to pay penalties to the government. Wouldn’t it be better to just keep any breaches quiet?
The current indication from the government is that penalties will be levied when companies fail to report breaches, not because of the breach itself. As well, companies that can show that they are working towards compliance and making reasonable efforts to mitigate privacy issues will have a better time avoiding fines
7. What if the cost of compliance is beyond what my company can afford?
ActiveCo is here to work with you to find the best solutions within a reasonable budget for your business. We have several tools that we can suggest, depending on your situation, and can help design systems that reduce the risk of privacy breaches