Most businesses who have suffered a data breach will tell you it was one of the most challenging times of their professional careers. Data breaches are human events, both for the impacted customers and the incident response team in charge of executing the response. As such, human emotions come to the surface and can inhibit […]
New Canadian Data Breach Regulation Could Change How Businesses Approach Cyber Security
The 2017 Scalar Security Study – The Cyber Security Readiness of Canadian Organizations, by Scalar Decisions, Inc., found a 44% increase in the average number of cyber-attacks against small and medium-sized businesses in Canada since 2014. Historically, Canadian regulations left it up to businesses to decide whether or not to report data breaches publicly. This might change over the next few months, however, as Canadian businesses are going to be required to start reporting breaches to the Office of the Privacy Commissioner of Canada (OPC) under the Digital Privacy Act. The Canadian federal government is in the final stages of enacting the data breach regulation, which should take effect in the next few months.
The new Canadian Data Breach Regulation requires businesses to:
- Report when the breach occurred
- Report exposed information
- Report how the attacker gained access
- Maintain updated records of all data breaches involving personal information
- Provide records to the Privacy Commissioner upon request
After the OPC reviews the collected information, it will decide whether the information needs to be released publicly. The information collected by the commissioner’s office could also be useful to alert other businesses to the hackers’ tactics. These proposed regulations will ultimately require more transparency on cybersecurity than ever before.
While the EU, Australia, and U.S. are moving to stricter breach response regulations, the rest of the world seems to be trying to catch up. For businesses, this increase in global data breach response regulations is resulting in initiatives to establish sound breach response protocols and to be ready to respond before a data breach occurs. If you want to learn more about the expected changes in international regulations, check out the proposed breach response regulations for Canada, the EU, Australia, and the U.S.