Data privacy, trust and governance strategy

Unlocking the value of data in a trusted, secure and privacy-protective way

Featured - 4 items

Building trust in EMRs

PwC Privacy and Security Standard for EMRs

The shift in virtual care

PwC Privacy and Security Virtual Care Standard

OSFI's final B-13 requirements

Technology and cyber risk management priorities

Building data trust

Canadian Consumer Privacy Protection Act impact and readiness survey

In Canada, governments are proposing new privacy laws to give individuals more control over and transparency into how companies handle personal information.

With recent legislative initiatives like the Digital Charter Implementation Act, 2020 (Bill C-11), entitled the Consumer Privacy Protection Act (CPPA), and Quebec’s Bill 64, organizations are facing increasing challenges to getting value out of data responsibly and securely.

Other jurisdictions are looking to follow suit with their own new laws. With discussions about privacy taking centre stage amid the growing demand for data, people are more aware of their privacy rights than ever before.

The changing landscape means privacy and data protection are fundamental business issues, regardless of which jurisdiction an organization is in or where it does business. As concern about privacy becomes a global phenomenon, organizations are collecting and processing large amounts of personal information, including sensitive personal information, which means privacy, security and trust are becoming increasingly vital and intertwined.

How we can help

We can help you rise to the challenge of privacy management and build data trust by helping you develop, operate and maintain an effective privacy program through our business expertise, technology, tools and ongoing support. As a result, you can focus on your core business, improve your competitiveness, build customer trust and continue to drive the most value from your data.

Our services

Strategy and governance: Define an overarching privacy program governance structure, roles and responsibilities designed to coordinate, operate and maintain the program on an ongoing basis.
Policy management: Document privacy policies, notices, procedures and guidelines formally to make sure they’re consistent with applicable laws and regulations.
Cross-border data transfer: Determine go-forward cross-border data transfer strategy based on current and future planned data collection, use and sharing.
Data life cycle management: Create ongoing mechanisms to identify new personal data processing and use activities and implement appropriate checkpoints and controls.
Individual rights processing: Enable the effective processing of consent and data subject requests, such as data access, deletion and portability.

Privacy by design: Develop a strategy and playbook for privacy by design to incorporate privacy controls and impact assessments throughout the data life cycle for new and changing data use initiatives.
Information security: Identify existing security information protection controls and align security practices with regulatory considerations.
Incident management: Align incident response processes with regulatory specifications and reporting requirements. Establish a triage approach to evaluating potential privacy.
Data processor accountability: Establish privacy requirements for third parties to mitigate risks associated with access to the organization’s information assets. Inventory third parties where personal data is transferred.
Training and awareness: Define and implement a training and awareness strategy at the enterprise and role levels.