New Canadian Data Breach Law - And Why It Matters to You
Starting November 1st, the Federal Government is implementing a law that will require companies to disclose any data breaches to their stakeholders. Businesses that do not abide by the new law could be facing fines of up to $100,000 per violation.
But, does this apply to your business? And, if so, what do you need to know?
The new data breach law, which amends the Personal Information Protection and Electronic Documents Act (PIPEDA), requires businesses to recognize and disclose any data breaches that possess “a real risk of significant harm” to the applicable parties. When such a breach happens, the business is required to share their knowledge of the breach with the Privacy Commissioner of Canada, their customers, and any other applicable third parties. This law will apply to any Canadian companies outside of British Columbia, Alberta, and Quebec (who have their own provincially regulated data laws). For more information, please visit Canadian Lawyer or IT World Canada.
The Need to Knows
If your business actively collects, stores, or works with data, you should consult with a privacy lawyer to confirm how pertinent the law is to you and what repercussions a potential breach could mean. In addition, your business should take the following into consideration:
- Is your website’s hosting secure? Hosting your website(s) on less secure platforms like GoDaddy may leave you more susceptible to hacks and breaches. With proper hosting in place, you could save hundreds of thousands of dollars in the long run.
- Who is responsible for data privacy at your business? If you are not an international business, you likely do not have enough budget to hire a full-time privacy officer. Identifying who on staff is responsible for this or hiring a contractor, as well as consulting with a privacy lawyer, is critical.
- What data are you storing and who has access? Many businesses acquire, file, and store a large volume of information about their customers. Not all of this personal information, however, may be the kind that you would ever use in your operations. Limiting the breadth of data you store and who has access can help protect you from potential breaches.
- Are you ready for a breach? A data breach is not part of anyone’s preferred business plan. But, it should be part every CEO’s contingency plan. Preparing for and reacting swiftly to any data breach can dramatically decrease the chance of major PR issues and legal repercussions.
We urge you to seek out legal advice prior to Nov. 1st to ensure that you dot your Is and cross your Ts when it comes to your IT and data. While our team Snaptech cannot give legal advice, we would be happy to help you improve your website security and minimize the chances of a breach.
Give us a call at (604) 677-0742 today for complementary web analytics strategy session!