{{item.title}}
{{item.text}}
{{item.title}}
{{item.text}}
Canada now has mandatory privacy breach legislation in place at the federal level. Effective November 1, 2018, companies subject to Canada’s privacy law, the Personal Information Protection and Electronic Documents Act, will be required to record and report breaches of security safeguards. The new breach rules may require changes to your breach management and privacy practices.
The breach of security safeguards regulation, introduced through the Digital Privacy Act, includes three main requirements:
Report to the Office of the Privacy Commissioner of Canada (OPC) and notify affected individuals and third parties (who can mitigate harm) of a breach.
Retain records of all data breaches and share them with the OPC on demand.
Determine if it’s a breach of security safeguards and whether it poses a real risk of significant harm.
By establishing or enhancing your breach response plan and broader privacy program, you can:
Improve your competitive advantage by enhancing customer trust and loyalty, heightening privacy awareness across the company and achieving greater efficiency among the privacy, security, information technology and data governance functions
Reduce risk, as responding poorly to a breach may lead to increased regulatory scrutiny (such as an investigation, audit, review of the entire privacy program and sanctions), financial penalties (such as fines, lost shareholder value or lawsuits) and a reputational hit (through reduced customer trust, brand value and revenue)
We sit down with Pamela Snively, Chief Data & Trust officer at TELUS, for expert insights on embracing innovation while protecting customer privacy.
Understand your current state of preparedness and how you compare to your peers. Get valuable insights into the work needed to get to your goal or demonstrate due diligence in your preparation efforts. The tool helps to:
Answer key questions: The tool features a comprehensive set of questions related to the breach of security safeguards regulations.
Assess breach response readiness: Responses are assessed according to regulatory requirements, practical experience and industry practice.
A breach program baseline includes:
risk assessments, data inventory and mapping and program development
examining incident and breach response policies, processes and procedures
breach response plans, including mock breach events
assessing insider threats
training and awareness programs
What are the options to manage a breach?
Privacy as a Service (PraaS): outsourced privacy office support, breach response procedures, training and risk assessments
Security and privacy operations centre services: an integrated approach encompassing both cyber and regulatory responses to incidents
Cyber incident response services: incident response and threat detection, compromise discovery and ongoing support through reporting, analysis, notification and outcome
PwC has an experienced privacy team with global reach and proven tools and accelerators to help you get ready. Contact us to find out more.