Cost of Cyber Breach Rises Due To New Canadian Laws November 1st 2018
Our Saskatoon IT Tips are from the Trusted professionals at Burnt Orange Solutions. We promise to have a one-hour response time for all your Saskatoon IT support needs. Honesty and respect are important to us. In our latest IT Expert tip Article, we discuss The Personal Information Protection and Electronic Documents Act ( PIPEDA) and how it relates to the cost a company may have to pay if they experience a cyber breach.
Cyber Breach Is Costly
Changes to PIPEDA came into force on 1st November 2018 will have a marked effect on how organizations much react to a cyber breach.
Does PIPEDA new cyber breach law apply to you ?
The quick answer is yes! Any organization which holds information on individuals will now be required by law to inform all the individuals who have had their data/privacy impacted and the Office of the Privacy Commissioner of Canada.
Organizations will also be required to a create ‘breach file’ containing all the information on the particulars of a breach. This record is to be kept for 24 months and must be made available to legal proceedings and possibly cyber insurance service providers.
The report to the Commissioner will need to be in a specific format, be sent by any form of secure means and contain the following:
- the circumstances of the breach and, if known, the cause;
- the date or period during which the breach occurred, or, if neither is known, the approximate period;
- the personal information that is the subject of the breach, to the extent that the information is known;
- the number of individuals affected by the breach or, if unknown, the approximate number;
- the steps that the organization has taken to reduce risk or mitigate harm to individuals that could result from the breach;
- the steps that the organization has taken or intends to take to notify affected individuals; and
- the name and contact information of a person who can answer, on behalf of the organization, the Commissioner’s questions about the breach.
Individuals harmed by the breach must be informed of the breach with sufficient information to allow them to understand the significance to them of the breach and to take step, if possible, to reduce the risk of harm to them. This notification must include:
- a description of the circumstances of the breach;
- the day on which, or period during which, the breach occurred or, if neither is known, the approximate period;
- a description of the personal information that is the subject of the breach to the extent that the information is known;
- a description of the steps that the organization has taken to reduce the risk of harm that could result from the breach;
- a description of the steps that affected individuals could take to reduce the risk of harm that could result from the breach or to mitigate that harm; and
- contact information that the affected individual can use to obtain further information about the breach.
From a cyber breach security point of view, the Saskatoon IT professionals at Burnt Orange Solutions are more interested in preventing an embarrassing data breach. Particularly for a small company of less than 100 staff, this new reporting requirement will put a heavy strain on staff and management.
As with all things, an gram of prevention is worth a kilo of cure. Burnt Orange Solutions team have put together a cyber security service for Saskatchewan businesses which will protect them from harm. With 11 layers of security, this is the crème de la crème of security services available to organizations in Saskatchewan.
We can assure you it costs a lot less than reporting a breach and the PR battle to rebuild your reputation after being emblazoned across the Star Phoenix, Global News or Facebook . Our Saskatoon IT and data protection orofessioals are here to help you.
We hope this article gave you some insight. If you want to ensure your business’s IT security, contact the Trusted Saskatoon IT professionals at Burnt Orange Solutions and we can take IT worries off your plate.
Burnt Orange IT Solutions Products & Services:
- Managed Networks
- Backup and Recovery
- Data and Network Security
- Hosted Services
- Telephone Systems
- Secure WiFi Networks
“IT Support You Can Trust and Understand”
Burnt Orange Solutions are Trusted Saskatoon IT Experts