December 12, 2017 by CyberScout
For Canadian organizations, as well as organizations doing business in Canada, a dramatic shift in privacy and cyber security regulations is looming. The amendment to Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), the federal privacy law for private-sector organizations, is expected to take effect in late 2017. Under this amendment, also known as The Digital Privacy Act, organizations that experience a data breach but neglect their responsibilities as outlined in this act could quickly find themselves in hot water with regulators and customers alike, not to mention facing steep fines.
If you aren’t up to date on what’s happening with PIPEDA and The Digital Privacy Act, this article highlights the implications of the new regulations on businesses along with how insurers and businesses need to prepare.
A quick refresh on PIPEDA
PIPEDA was enacted in 2000 and was intended to “set ground rules for how private-sector organizations collect, use or disclose personal information in the course of commercial activities across Canada.” The legislation was created to promote customer trust in e-commerce by setting a baseline of privacy protections for consumers. Given the rapid evolution of technology and commerce, Parliament knew that the legislation would require regular updates. The Digital Privacy Act was created in response to growing data breach challenges in Canada and abroad. Not only does it mandate a new framework for breach reporting, notification and record keeping, it also clarifies key points around consent, the Privacy Commissioner’s powers and more.
Although Parliament passed the Digital Privacy Act in 2015, time was needed to develop processes and procedures around new regulations. Enforcement had been postponed, but is expected at any time. With this looming change, it’s time for insurers and businesses to prepare for the new guidance. Once the guidance is released, breach reporting, notification and record keeping under the Digital Privacy Act will be particularly important for insurers and businesses to understand.
Considering the potential impact
Data breaches around the world have grown to epidemic proportions in recent years. Consider the 160% year-over-year growth in Canada, or the fact that 37 million records were exposed in the U.S. in 2016 alone. A difficult reality to face is that 25% of data breaches are due to human error among employees or contractors. Bearing in mind the new regulations, these stats should be a wake-up call for Canadian businesses. Why? Because new regulations under the Digital Privacy Act will increase consumer visibility into breach events. Moreover, under the new regulations, your business or your policyholders could also face noncompliance fines of up to CAD$100,000.
Moving forward with confidence
Although the final guidance hasn’t been released, it’s time to get up to speed. Download our complimentary white paper that covers:
CyberScout is standing by to help.
Data breaches are an ugly fact of life when doing business in the Internet era. In addition to taking the right prevention steps, quick responses are critical. The upcoming regulatory changes with the Digital Privacy Act mean that Canadian businesses need to be on top of the challenges.