Are You Ready?
Privacy breaches must be reported. We can help.
Privacy breaches must now be reported.
What is a Privacy Breach?
Breaches can include, but are not limited to:
- Successful hack, or infiltration, or your network
- Accidental access to information cross-department
- Employee snooping or data theft
- Software viruses that give access to information
- Loss of hard copies or soft files
- Communicating sensitive information without a process to ensure privacy
Want to Talk?
We are ready to help companies prepare for the new regulations. Don’t get caught unprepared.
- End user training to “nurture a culture of compliance” as required
- Empower employees to confidently use data safely
- Drastically reduces the possibility of end user initiated breach, the most common form of breach
- Identify employee interactions with data
- Determine risks to data in transport and at rest
- Establish right risk level for company’s complexity
- Regular threat assessments and audit preparation
- SEIM logs required for post data breach reporting
- Ongoing post-incident evaluation and optimization
- Available Dark Web monitoring for your account credentials
- Consultation and selection of compliance reporting software
- Demonstration of “reasonable efforts” to protect employee and customer private data
- Consult and build automated steps to proactively reduce breach threats
Policies & Procedures
- Consultation and selection of policies and procedures to aid in compliance
- Establish documented evidence controls
- Design and provide initial post-breach report for government requirements
Not Sure Where Your Company Currently Stands?
A comprehensive review shows your security weak spots:
- Understand exactly how to get started
- Prioritize any changes needed
- Learn where there are security gaps
A stand-alone project that can lead into the compliance programs or just give you a baseline for your current readiness. Billed as a time and materials project. Call your vCIO for more information
7 Program Deliverables
- Monthly technical breach reviews
- Ongoing compliance monitoring and proof documentation
- Quarterly mini-assessment checks
- Unlimited initial breach report generation
- Policy and procedure templates and guidance
- Recommendations for the right security tools
- Annual compliance status report
This premium Managed Compliance Support Services (MCSS) program is subscription based with a monthly fee and a minimum commitment.
1. How long does the assessment take to perform?
The typical process takes 2-3 weeks, as this is an important in-depth review of company policies, procedures and even company culture. That time frame may be impacted by the complexity of your systems and the availability of your company’s assigned point of contact throughout the process.
2. Are Managed Compliance Support Services (MCSS) part of your standard managed services?
Although this is a government-mandated program, we currently allow our ongoing managed services clients the choice whether or not they participate in the data and privacy breach assessments and programs. Therefore, it is not currently bundled into our standard Agreements. If you are an existing client, please contact your account manager (vCIO) if you would like to receive more information or enroll your company.
3. Can ActiveCo submit reports on my company's behalf?
The Office of the Privacy Commissioner of Canada, the office responsible for receiving reports and investigating breaches, only accepts reports from the company itself. ActiveCo can help you prepare your data breach reports, but you must review, sign, and submit them directly.
4. How far will I be through the process at the end of the initial 12 months?
Customization of your unique policies and procedures may still be happening in some cases at the 12 month mark, as well as adopting them into your company culture. Compliance is more than just having the documentation; the regulations also require companies to “nurture a culture of compliance” which includes employee training, regular network monitoring, and support for any employees or departments who may need help adapting to the changes.
5. What is included in the ongoing service after the initial 12-months?
Reaching, and maintaining, compliance is an ongoing process. ActiveCo’s ongoing monthly subscription continues monitoring your environment, your data breach systems and helping keep documentation up-to-date as regulations change (and they will). Your business will also benefit from support through any required investigation, and preparation of your data breach reports (in any instance of a successful breach). Most business owners continue with regular monthly service to receive consistent, reliable service rather than finding a way to incorporate compliance into their employees’ already busy schedules
6. My company cannot afford to pay penalties to the government. Wouldn’t it be better to just keep any breaches quiet?
Existing legislation shows that penalties will be issued when companies fail to report breaches, not because of the breach itself. This is an important distinction. Business owners that can show that they are working towards compliance, and making reasonable efforts to mitigate privacy issues, will have a better time avoiding fines.
7. What if the cost of compliance is beyond what my company can afford?
ActiveCo is here to work with you to find the best solutions within a reasonable budget for your business. We have several tools that we can suggest, depending on your situation, and can help design systems that reduce the risk of privacy breaches. What most businesses cannot truly afford is the potential cost of a breach. Please reach out for a conversation for more details on how we could help your unique company, no obligation.