The Digital Privacy Act that was passed into law in June 2015, resulted in amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA). Now, ten months later, the Government of Canada has given the opportunity to companies providing IT support Toronto and MSP’s across the country, to weigh in on specific regulatory language that will determine how the new law works out in practicality.
As it now stands, the Digital Privacy Act says that companies suffering “breaches of security safeguards” that have the potential of a “real risk of significant harm” to the owners of the information affected, will be required to notify the federal privacy commissioner of the breach.
The challenge comes in crafting regulations derived from the law in language that is unambiguous and executable. Some of these challenges are:
- What constitutes “Significant Harm”?
- How much information does the notification (to the government and individuals/organizations affected) have to contain?
- Which breaches rise to the level of necessitating a report to the federal privacy commissioner and notifying those whose information is affected?
- Who makes the determination of what breaches fall into the “Significant Harm” category?
Making these questions all the more challenging is the fact that failure on an organization’s part to comply with the law could cost them as much as $100,000.
Because of these questions and many others, Innovation, Science, and Economic Development Canada has released a discussion paper asking IT support Toronto and IT support across Canada to comment on twenty-six questions that will be used as the basis to formulate the final language and direction of the legislation. There will be yet one more opportunity for the IT support community to weigh in on the final language after the draft of the final regulations are published.
The goal of this legislation, of course, is to provide transparency to the consumer and to give people like you and me the opportunity to pursue remediation of real damage that has been done to us because of the affected organization’s security breach.
It is the hope of Innovation, Science, and Economic Development Canada that these consultation opportunities given to the IT support industry will result in regulations that are strong and workable without being over-reaching and onerous.
Both big industry and public interest advocates are making their case regarding the language of these new regulations as well. Coming from opposite points of view and competing interests, there is a wide gap between their conclusions. Some fear that the regulation’s language will harm business and cause too much bureaucratic red tape. At the other end of the spectrum are those who believe that the language being considered is too loose and will result in too few actual cyber-breach incidents being reported.
Whatever your personal take is on the new legislation and the proposed regulatory language, the government is giving opportunity for all points of view to be raised and discussed in the process.
Want to know more about how the proposed regulatory language of the Digital Privacy Act could affect your business? Give PACE Technical Services a call or email us at email@example.com. We are IT support Toronto that cares about the appropriate balance between privacy and commerce.