Reports of data incidents occurring at major retailers, government departments and financial services, means rapidly changing privacy and cybersecurity legislation. Legislation with new obligations with respect to breaches of security safeguards. Failure to establish those safeguards is not an option.
Any company that collects, uses or discloses personal information in the course of its commercial activities is subject to new rules and best practices for preventing and reporting privacy breaches, record keeping, and obtaining valid consumer consents. Consumers expect companies to take market-leading steps to protect personal and financial data.
Broader enforcement powers and penalties from the Privacy Commissioner of Canada means companies are now operating with an increased risk of monetary penalties and a heightened potential for damage claims. It is imperative that organizations stay current and review their policies and infrastructure—review their allocation of risk.
We can help clients ensure compliance and develop a disciplined risk-based approach in this new landscape.
How it Works
With an understanding of security threats specific to your industry/organization type, we work with you to scope and conduct an audit of your privacy infrastructure, which may include privacy policies, employee policies, inventory of personal information (includes an evaluation of existing consents), access controls, document retention practices and information security platforms.
We conduct a gap analysis and prepare a risk management chart outlining tangible steps that can be taken to ensure clients are equipped to implement a complete readiness program (including new amendments to PIPEDA), and be able to proactively respond to evolving threats.
In addition to recommending changes to existing policies and procedures, we assist with a full review of the implementation process.
How Clients Benefit
Cost transparency: Through a fixed fee model, we leverage the industry’s most mature project management tools and software to provide cost transparency and detailed scopes and work plans.
Proactive risk management: Leverage the expertise of Canada’s first multi-disciplinary Cybersecurity, Privacy and Data Protection Group to proactively review, assess and upgrade policies, putting yourself in front of legislation changes.
Protection of privilege: As trusted legal advisors, we can ensure appropriate protection of privilege should a claim or enforcement action ever be brought against a client. This distinguishes us from consulting firms.
End-to-end solutions: This solution can be paired with others like our Document Retention Toolkit and Incident Response & Readiness Plan Diagnostic to create a comprehensive cybersecurity, privacy and data protection solution.