Protection of personal information: the end of a certain laxity?
Encouraging news came on June 12 when the Minister Responsible for Democratic Institutions, Electoral Reform and Access to Information, Sonia LeBel, presented Bill 64 to modernize the Privacy Act. This is a concrete step in the area of information security which, let’s face it, was badly needed. The penalties for violators are changing the most, becoming far more severe. Fines, clearly modelled on those imposed by the European Union’s GDPR, can range from $15,000 to $25 million (or 4% of turnover) in criminal law and will make IT managers in both the public and private sectors think again.
We very much like the measures to improve citizens’ rights over their personal information. We can all now demand the destruction or anonymization of our data (with a tool like DataStealth, for example) when the purposes for which it was collected have been achieved.
Another novelty that has caught our attention is that companies subject to the law will have to appoint a privacy officer. We would bet that some managers will hesitate before agreeing to carry this burden on their shoulders. After all, who wants to be held accountable for information protection failures?
Marco Estrela
Security Consultant, ESI Technologies