Canadian Underwriter

Companies do not have effective response plans for data breaches: privacy lawyer


November 5, 2010   by Canadian Underwriter



Data protection is increasingly seen as a strategic issue, but most companies do not have an effective incident response plan, Adam Kardash, partner at Heenan Blaikie LLP’s Toronto office, told delegates at the Insurance Bureau of Canada (IBC)’s 10th Annual Regulatory Affairs Symposium in Toronto on Nov. 4.
Kardash is co-head of Heenan Blaikie’s national privacy and information management group. He predicted that as the use of ratings analytics becomes more popular, a financial institution’s exposure may become greater.
Nevertheless, multiple surveys show financial institutions are not prepared for security breaches, which are only a matter of time, he said. “Most companies do not have a security response plan, or, if they have one, it’s regarded as ineffectual.”
Kardash gave an example from his practice of what happens when an organization has no plan in place for a security breach.
“Five or six years ago, we were acting for an entity in the financial services sector,” he said. “There was a disk that was provided to a service provider. They were doing analytics. One million names were on the disk, banking information, etc. It was lost.
“The most striking thing that happened afterwards had everything to do with the fact that there was no security response plan. What happened is that all hell broke loose at the company. A serious issue became a crazy crisis and a manifestation of individuals covering their respective behinds, not knowing where to turn, not being given effective guidance.”
An effective security response plan contains a useful checklist of steps that could prevent a potentially innocuous event from turning into a costly PR nightmare.
Kardash noted privacy legislation requires organizations to take “reasonable” measures to protect personal information against loss or theft, as well as unauthorized access, copying, use, modification or destruction.

