Industry Insights

Blog, Business, News and Events, Security, Technology

New privacy rules will force Canadian companies to disclose data breaches

by | Friday, November 2nd, 2018

New privacy rules designed to better safeguard the personal data of Canadians and let them know when it has been breached take effect November 1, 2018, but even security experts say they are far from perfect.

The legislation, known as the Personal Information Protection and Electronic Documents Act (or PIPEDA) do a lot of things, but most importantly from a consumer’s perspective, it requires Canadian companies to alert their customers any time their personal information may have fallen into the wrong hands.

Much of the law is aimed at preventing breaches in the first place, but as of now, companies big and small are required to notify the office of the Privacy Commission of Canada any time there’s “a real risk of significant harm to an individual” from a security breach, even if the exact terminology of what constitutes a breach will still be open to interpretation. Among the new rules is a requirement that companies must keep accurate data about cybersecurity safeguards for two years following, in case breaches are revealed down the line. The law also calls for “appropriate” digital safeguards at all parts of the business, including dealings with third party contractors. The rules call for stiff penalties, too — up to $100,000 per violation — a sum that should be enough to frighten many businesses into updating their IT infrastructure. But many will have problems complying with the new rules, partly because of a lack of awareness.

“The vast majority of business owners don’t know that this is happening,” says Monique Moreau, a vice-president at the Canadian Federation of Independent Business. “Among all the changes and government regulations,” she says, “data breach reporting requirements are not going to be top of the list.” She gives the example of a theoretical local, small business such as a bicycle shop, that likely emails its existing customers a few times a year, to alert them of new sales. Previously, that store likely didn’t have to think very much about what email service they were using, or where the credit card data was being stored from any sales they conducted online. “But now these guys are going to take the fall because the email service they were using got hacked,” she says.

See original CBC News article here

A Glimpse Into What Compliance Looks Like for Businesses

Apr 7, 2025 | ,

It’s easy to see all the reasons why you should make data regulations and compliance a priority. After all, you want to ensure you don’t violate the trust and security of your customers, as well as the integrity of your operations. If you make even one mistake, it...

AI Search Isn’t There Yet

Apr 4, 2025 | ,

People do this all the time: if they don’t know an answer, they just make something up that sounds right. It turns out AI has the same bad habit. A Study Put AI Search to the Test, and It Did Not Go Well Researchers at the Tow Center for Digital Journalism (part of...

Remote Work Is Great, but There Are Some Pitfalls

Apr 2, 2025 | ,

Do you have employees working remotely? If you do, the real question is, are you doing everything you can to keep them productive and secure? Remote work is awesome, but it comes with its fair share of risks. Today, we get into how to competently confront them. Remote...

Hiring IT is Hard (Here’s How to Make It Easier)

Mar 28, 2025 | ,

Do you have someone on your staff who can handle most IT-related issues for your business? If not, we’re sure your organization feels it in more ways than one. The issues that come from not having IT help are only made more frustrating when it comes time to find IT...

Let’s Take the Lid Off of CAPTCHA

Mar 21, 2025 | ,

We've officially reached the point where humans have to prove they're, well, human just to access websites. One of the most common ways to do this? CAPTCHA. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. It might sound...

Automation Isn’t Always the Best Business Option

Mar 17, 2025 | ,

Automation makes sense from an operations standpoint, and people see this despite the many who advocate for scaling back to save jobs. For every task that can be completed, however, less than half can be automated. When you consider all the tasks that a human might be...

More Reading from Industry Insights:

AI Search Isn’t There Yet

by | Apr 4, 2025 | ,

People do this all the time: if they don’t know an answer, they just make something up that sounds right. It turns out AI has the same bad habit. A Study Put AI Search to the Test, and It Did Not Go Well Researchers at the Tow Center for Digital Journalism (part of...

Hiring IT is Hard (Here’s How to Make It Easier)

by | Mar 28, 2025 | ,

Do you have someone on your staff who can handle most IT-related issues for your business? If not, we’re sure your organization feels it in more ways than one. The issues that come from not having IT help are only made more frustrating when it comes time to find IT...