PIPEDA, the Personal Information Protection and Electronic Documents Act, governs how Canadian businesses must handle data. Changes that took effect on November 1, 2018, bring in a collection of new obligations, which many businesses remain unaware of, involving data breaches that could pose a threat of significant harm to individuals, from direct physical harm to identity theft and reputation damage.
It’s no longer enough to have a plan to react quickly when the worst happens and combat the breach itself. Businesses will now have to navigate this mandatory reporting, which will inevitably mean taking a public reputation hit on top of managing the minutiae of complying with these new standards. Failure to comply? You could be looking at a fine of up to $100,000 per infraction. It's worth the work to avoid that.
Now more than ever it’s vital to have excellent security safeguards. If you’re able to run your business securely, you’ll run into these challenges far less. Every business would like to believe it’s capable of fending off every attack and avoiding this kind of damage.
Even so, high-profile cases involving massive international enterprises show that 100 per cent safety is incredibly difficult. You may have the best defenses and the best staff, but it’s still often a question of when, not if.
And it doesn’t matter if you’re a smaller business: you’re still a target and responsible under PIPEDA. Keep just one electronic list of customer data and, even if you contract it out to a third party, you still may be on the line for this mandatory reporting.
When you get that call that hackers have broken in, dealing with the immediate threat will be disruptive enough. You don’t want to be scrambling to figure out whether this breach counts as reportable, if and how you’re going to get the word to the individuals affected, how you’re going to record the nature of the incident and your reaction to it, and how you'll avoid taking that $100,000 fine.
Head this headache off now while you have the luxury of dedicating your time and resources to draw up a robust, reliable plan.
Answering these questions now will save you so much pain (and money!) later and leave you freer to focus on resolving the more immediate crisis.
CrucialLogics is a Microsoft Gold Partner. We’re experts on IT security. If you need a hand understanding these security issues and minimizing the risk of data breaches, get in contact here. If you’re a business owner or leader, you’ll want to check out this page. Or, CSOs might want to explore here next.