OTTAWA—A new Conference Board of Canada research Centre is working to tackle cyber security issues, starting with personal data privacy in the digital world. The first research from the Centre aims to get decision-makers and Canadians up to speed on privacy regulations and capable of making smart decisions.
While large privacy breaches like the Ashley Madison hack make Canadians cringe, smaller privacy breaches plague Canada nearly every day. Whether it’s unauthorized access to the electronic medical records of Canadian veterans or the accidental breach of potential homebuyers in Saskatchewan, many privacy breaches are the result of poorly designed policies and privacy practices.
“This is an area that is evolving at breakneck speed. New technology and public pressure have pushed Canada and its closest economic partners to seriously re-think and re-negotiate how they protect the privacy of their citizens,” said Satyamoorthy Kabilan, Director, National Security and Strategic Foresight, The Conference Board of Canada.
“Both the United States and Canada are in the process of implementing significant enhancements to their privacy protections, creating new compliance requirements for organizations and granting citizens more rights and legal recourse if their data is misused. In addition, the downfall of the longstanding EU–U.S. Safe Harbor privacy agreement in late 2015 has forced a fundamental redesign of the U.S.’s trans-Atlantic privacy protection system.”
The report highlights trends that firms should address in order to maintain proactive privacy compliance, including:
- Consent—The broad concepts of informed and implied consent are no longer sufficient. Regulators are increasingly demanding that consent be active, explicit, and easily understood.
- Breach notification—Enhanced regulations require organizations to report privacy breaches in a timely, comprehensive way. Failure to do so can result in steep fines and costs to a firm’s reputation.
- Territoriality—Privacy will have to balance the rights of national citizens against the borderless nature of e-commerce. The new EU-U.S. Privacy Shield will have an impact on this debate. If EU demands prevail, EU citizens’ right to privacy will travel with their data.
- Individual rights after consent—As regulators and industry get closer to figuring out how to get consent right, they will need to begin enumerating the rights of individuals who have consented to data collection. They will also need to determine the appropriate remedies when those rights are violated.
- Answering public demands—As the pace and pervasiveness of technology continue to accelerate, regulators will have to strike a balance between protecting the public and insisting the public more meaningfully contributes to its own protection.