Who Is

watching out for you?

In today's world you need to understand a few more things...

Who Is

knocking on your virtual front door?

It could be someone down the block or from the Bloc

Helping businesses maintain privacy and security of data

Claudiu Popa

28-May-2015 CPA Canada delivers second edition privacy and data security toolkit.



The second edition of the Canadian Privacy and Data Security Toolkit is intended to give business owners practical information, tools and resources to necessary for facing privacy and security challenges. CPA Canada is attempting to deliver information to help SMBs comply with legislation and best practices.
 
“It’s a timely publication, because we’ve been teased with breach notification law,” said author Claudiu Popa. “It looks like Bill S4, the new PIPEDA, will bring about breach notification requirements and change things in Canada. If you have breach notification requirements, you can no longer say, ‘We’re not detecting breaches.’ Which doesn’t mean if you’ve no breaches that no one’s trying to get in… it means you’ve not invested in technology to detect them.”

These days every organization must suspect break-ins and data loss, and invest in technology to detect vulnerabilities and breaches. IT budgets must be reallocated.

“Right now security is a small part of IT,” Popa said. “Operational budgets will have to get smaller, because security will drive things.”

That means training and certifications for those who manage that technology, meaning professionals with training in risk management. That’s a different from training to become a sys admin.

“We wanted to create a publication that is up to date and available to SMBs across Canada when they need it,” Popa said. “I had the pleasure of working with very talented editors. It’s very nicely worded and concise… it’s not a rambling tome. Months of effort went into ensuring it contains applicable tools and templates.”

With PCI-DSS 3 from the credit card issuers, and CASL already implemented, and the upcoming Bill S4, for the first time Canadian legislation has teeth. There are significant penalties for breaching those laws. It will become illegal to do the wrong thing, from a security and privacy perspective.

“There’s also more scrutiny into government activities,” said Popa. “The privacy salience is at an all-time high. People want to know what is happening to their information. The public doesn’t have time to invest in The Five Eyes, or what it means for their health records… so it’s important for businesses to know, as they’re the ones collecting the information. So we’ve made it easy for businesses to know how they must be responsible for that information.”
 
There was also changing of the guard in the Privacy Commissioner – those charged with protecting Canadians’ information. For the first and last time both outgoing and incoming Privacy Commissioners contributed to the same publication. 

“This toolkit is one place where you can find out about the notion of best practices, and how to comply without trampling the human right of privacy to Canadians,” Popa said. “We’re excited to have the support of government agencies and the Privacy Commissioner, as we did last time. It’s a privilege to me to contribute to the profession.”