Every day, cybersecurity, privacy and data breaches make front-page news and draw great attention from individuals and businesses alike. It is increasingly apparent that today’s organizations cannot escape their responsibility to protect data and safeguard their environment with a comprehensive security program. In fact, the law requires organizations that retain their customers’ personally identifiable information (PII) to have “reasonable” cybersecurity defense mechanisms in place. Organizations that do not respect this legal obligation increase their risk of reputational damage, financial losses and harsh data security litigation in the form of costly fines or class action lawsuits.
“There is no room for lax security regardless of the size of the company.
From an IT issue to a business issue to now a legal issue,
cybersecurity is something that can no longer be ignored or deferred.”
– Charlie Benway, ACSC Executive Director, quoted on Security, Privacy and the Law, 2015
We’ve gathered a few of our most popular resources on privacy and data protection to help your business make sense of today’s data privacy jungle. Make sure to bookmark this page and check back regularly for updates!
If you’re a security professional or hold an executive position, you are probably required to understand your obligations when it comes to information security under privacy regimes. What exactly do you need to do to protect your employees’ electronic records? What are the risks of non-compliance with relevant privacy rules? How can you conduct privacy awareness training? How can you stay up to speed with the latest news and developments in privacy matters in real time? Make sure to bookmark this post for the most useful and recent sources of information.
In Canada, most legal obligations pertaining to cybersecurity can be found in one of the privacy laws, primarily the Personal Information Protection and Electronic Documents Act (PIPEDA). The objective behind the law is to balance the need for organizations to use data for legitimate business purposes with individuals’ right to privacy. How do you know if PIPEDA applies to your organization? How can you comply? How is PIPEDA enforced? This article will give you an introductory lesson on how your business may need to protect personally identifiable information.
Every year in January, the online world gets together to raise awareness of the relevance of data privacy during Data Privacy Day. With data breaches on the rise, more and more organizations are legally required to protect their employees’ and customers’ personally identifiable information (PII) and make data privacy a central element in their corporate security strategy. Learn more about the 11 privacy principles that drive data protection.
The infamous Ashley Madison breach is an excellent opportunity to illustrate the legal obligations of businesses under PIPEDA and the numerous issues that fast-growing and emerging companies face when trying to keep up with those obligations. Here are five lessons drawn from the joint report which I believe to be valuable when evaluating how to protect your organization’s most valuable asset – data.
On September 22, 2016, Yahoo! officially acknowledged the largest data breach in the history of the Internet. It was estimated that about 500 million Yahoo! user accounts were stolen. While the full breadth of the incident has yet to be assessed, it cannot be denied that its consequences were disastrous for many users. What can we learn from this? What can we do to be more proactive and protect our confidential data more effectively?