Encouraging news came on June 12 (https://www.lapresse.ca/actualites/politique/2020-06-12/donnees-personnelles-des-amendes-pouvant-aller-jusqu-a-25-millions) when the Minister Responsible for Democratic Institutions, Electoral Reform and Access to Information Sonia LeBel presented Bill 64 to modernize the Privacy Act. This is a concrete step in the area of information security which, let’s face it, was badly needed. It is the penalties for violators that are undergoing the most significant changes by becoming much more biting. Fines, clearly modelled on those imposed by the European Union’s GDPR, which can range from $15,000 to $25 million (or 4% of turnover) in criminal law, will make IT managers in both the public and private sectors think again.
We very much like the measures to improve citizens’ rights over their personal information. We can all now demand the destruction or anonymization of our data (with a tool like DataStealth for example) when the purposes for which it was collected have been achieved.
Another novelty that has caught our attention is that companies subject to the law will have to appoint a privacy officer. Let’s bet that some managers will hesitate before agreeing to carry this burden on their shoulders. After all, who wants to be held accountable for information protection failures?
Security Consultant, ESI Technologies