A CrucialLogics blog

Written by CrucialLogics
on November 30, 2020

The Canadian government is proposing the Digital Charter Implementation Act, 2020. This bill is one of the largest overhauls of the nation’s privacy law in decades and is designed to increase the protection of personal information in the private sector.

The legislation aims to ensure that a modern law protects Canadians while providing businesses with transparent rules as technology continues to evolve. If passed, the bill would deliver the harshest fines among G7 privacy laws for private companies that breach the privacy of Canadians. Companies charged with the most serious offenses could be fined up to $25 million or 5% of their revenue, whichever is greater.

In addition to strong penalties for violations, the bill consists of a total of 10 principles that also include:

  • increasing control and transparency of personal data by companies;
  • giving Canadians greater control over who is using their data and the freedom to securely move their information from one organization to another;
  • allowing Canadians to demand that their information be disposed of when consent is withdrawn;
  • ensuring consent is only valid when a company uses clear and comprehensible language.

3 Ways CrucialLogics Can Help You Be Compliant With This Regulation

Although the size of the fine is daunting, it’s also avoidable by ensuring your company is making the right technology decisions.

1. Advisory and Assurance Service

CrucialLogics has plenty of experience in identifying and controlling technology and mitigating financial and operational risks embedded in business systems. Clients can feel secure in knowing their IT risk management and controls architecture is optimized.

We will not only ensure that you’re up-to-date and compliant with all government regulations, but we’ll also offer guidance and effective strategies to ensure controls are executed for outsourcing or offshoring IT services. This includes providing pre- and post-implementation assistance for vendors to confirm they are also compliant.

Rather than wading through reams of information and running the risk of millions of dollars in fines, consider the benefits of getting an outside perspective from specialized experts who are able to assess your systems and provide a solution based on their experience. At CrucialLogics, we have interpreted the legislation and understand how to get you compliant and keep you compliant.

2. Cloud Data Protection

In order to guarantee a secure, cloud-friendly IT department, we recommend a 4-prong approach to cover your assets.

A. Security Design Assessment

Checking that your security design is sufficient is the first thing you need to do. This assessment must identify any security gaps in your existing system as well as any holes that may exist in the cloud system. Since this technology is not in-house and under your control, you’ll need to take a hard look at potential vulnerabilities of the system and its interfaces.

Knowing who has access to what and how that access is protected is also key. Hosting your data remotely means you need a plan for damage mitigation and data recovery if there’s a breach beyond your control.

B. Configuration Assessment

Your configuration assessment is a chance to map your implementation against the design to ensure everything is set up correctly, because a hole could be the entry point for an advanced threat to disrupt operations or take control.

Cloud services that aren’t intended for a multi-tenant environment may also be at higher risk, which is one more reason why it’s important to have an expert review all your configurations.

C. Cloud Controls Baseline Assurance

Although regulations are in place to lift everyone up to a secure baseline, complying can be confusing since regulations differ by industry, location, and the type of data you’re handling.

Those who fail to meet requirements could be looking at a hefty fine. While standards are in place to make IT more secure, simply meeting them doesn’t guarantee protection against security breaches.

D. Pentest and Vulnerability Testing

The last part of evaluating your security should be a pentest and vulnerability test. Simulating the kinds of threats you’re trying to protect against gives you an idea of how much damage a data breach could cause and at what scale.

Although there is no 100% guarantee, it will give you a level of assurance knowing you’ve done due diligence and are compliant with the latest regulations.

3. Hybrid Identity

Today, more and more users require access to both on-premises and cloud applications, creating challenges for management.

Microsoft’s identity solutions span on-premises and cloud-based capabilities. These solutions create a common user identity for authentication and authorization of all resources, regardless of location. We call this hybrid identity, and it’s managed via Active Directory.

Essentially, this allows the centralization of identity and access management in one secure location, and all interactions are handled under Active Directory.

To Wrap Up

Navigating today’s ever-changing IT landscape and implementing and managing the latest technologies is challenging for most businesses. In light of the new privacy law, finding expert advisors who can help you maximize your IT investment now and for the future is more crucial than ever. There is a lot to do to ensure your company remains compliant with the new legislation. CrucialLogics can help.

Contact Us to book a complimentary 15-minute call to discuss the implications for your business.
