The Canadian government is proposing the Digital Charter Implementation Act, 2020. This bill is one of the largest overhauls in the nation’s privacy law for decades and is designed to increase the protection of personal information in the private sector.
The legislation aims to ensure that a modern law protects Canadians while providing businesses with transparent rules as technology continues to evolve. If passed, the bill would deliver the harshest fines among G7 privacy laws, meaning huge fines on private companies that breach the privacy of Canadians. Companies charged with the most serious offences could be fined up to $25 million or 5% of their revenue—whichever is greater.
In addition to strong penalties for violations, the bill is built on a total of 10 principles, which also include:
- increasing control and transparency of personal data by companies;
- giving Canadians greater control over who is using their data and the freedom to securely move their information from one organization to another;
- allowing Canadians to demand that their information be disposed of when consent is withdrawn;
- ensuring consent is only valid when a company uses clear and comprehensible language.
3 Ways CrucialLogics Can Help
Although the size of the fine is daunting, it’s also avoidable by ensuring your company is making the right technology decisions.
1. Advisory and Assurance Service
CrucialLogics has plenty of experience in identifying and controlling technology and mitigating the financial and operational risks embedded in business systems. Clients can feel secure knowing their IT risk management and controls architecture is optimized.
We will not only ensure that you’re up to date and compliant with all government regulations, but we’ll also offer guidance and effective strategies to ensure controls are executed when outsourcing or offshoring IT services. This includes providing pre- and post-implementation assistance for vendors to confirm they are also compliant.
Rather than having to wade through reams of information and running the risk of millions of dollars in fines, consider the benefits of getting an outside perspective from specialized experts who are able to assess your systems and provide a solution based on their experience. At CrucialLogics, we have interpreted the legislation and understand how to get you and keep you compliant.
2. Cloud Data Protection
In order to guarantee a secure, cloud-friendly IT department, we recommend a four-pronged approach to cover your assets.
- Security Design Assessment
Checking that your security design is sufficient is the first thing you need to do. This assessment must identify any security gaps in your existing system as well as any holes that may exist in the cloud system. Since this technology is not in-house and under your control, you’ll need to take a hard look at potential vulnerabilities of the system and its interfaces.
Knowing who has access to what and how that access is protected is also key. Hosting your data remotely means you need a plan for damage mitigation and data recovery if there’s a breach beyond your control.
- Configuration Assessment
Your configuration assessment is a chance to map your implementation against the design to ensure everything is set up correctly, because a hole could be the entry point for an advanced threat to disrupt operations or take control.
Cloud services that aren’t intended for a multi-tenant environment may also be at a higher risk and one more reason why it’s important to have an expert review all your configurations.
- Cloud Controls Baseline Assurance
Although regulations are in place to lift everyone up to a secure baseline, complying can be confusing since regulations differ by industry, location, and the type of data you’re handling.
Those who fail to meet requirements could be looking at a hefty fine. While standards are in place to make IT more secure, simply meeting them doesn’t ensure against security breaches.
- Pentest and Vulnerability Testing
The last part of evaluating your security should be a Pentest and Vulnerability Test. Simulating the kinds of threats you’re trying to protect against gives you an idea of how much damage a data breach could cause and how far it could spread.
Although there is no 100% guarantee, it will give you a level of assurance knowing you’ve done due diligence and are compliant with the latest regulations.
3. Hybrid Identity
Today, more and more users require access to both on-premises and cloud applications, creating challenges for management.
Microsoft’s identity solutions span on-premises and cloud-based capabilities. These solutions create a common user identity for authentication and authorization to all resources, regardless of location. We call this hybrid identity and it’s managed via Active Directory.
Essentially, this allows Identity and Access Management to be centralized in one secure location, with all interactions handled under Active Directory.
Navigating today’s ever-changing IT landscape and implementing and managing the latest technologies is challenging for most businesses. In light of the new privacy law, finding expert advisors who can help you maximize your IT investment now and for the future is more crucial than ever. There is a lot to do to ensure your company remains compliant with the new legislation. CrucialLogics can help.
Contact Us to book a complimentary 15-minute call to discuss the implications for your business.