Ontario's Privacy Law | Technology Convenience or Inconvenience? | The Cyber Review

June 21, 2021
Written by Farah

Proposed Ontario Privacy Law: Includes Multi-Million Corporate Fines

Ontario is getting closer to creating its own provincial privacy law that would include a right to privacy and a corporate obligation to report privacy breaches because the federal privacy legislation, which Ontario has to rely on, is flawed.

Quebec, British Columbia and Alberta have their own private sector privacy laws. The other provinces and territories follow the federal Personal Information Protection and Electronic Documents Act (PIPEDA). The Liberal government has proposed overhauling PIPEDA with a new law to be called the Consumer Privacy Protection Act (CPPA, also known as Bill C-11).

The penalties are severe.

A maximum administrative penalty of $10 million or three per cent of an organization’s gross global revenue for violating the law. For failing to report a breach of security safeguards, failing to abide by a compliance order or de-identifying personal information that had been de-identified, an organization might be penalized up to $25 million or five per cent of its global revenue.

The provincial privacy law would include non-commercial organizations such as charities, not-for-profit organizations, trade unions and non-commercial activities. These groups wouldn’t be covered under the CPPA.

Briefly, the white paper suggests passing a law that checks the following:

  • Creating a rights-based approach to privacy. Possibly giving individuals more control over their personal information, including the right to ask for their personal data in a digital format. Collected personal information by organizations can be asked to be deleted (the so-called right to be forgotten).
  • Creating a safe use of automated decision-making (otherwise known as artificial intelligence (AI) or machine learning).
  • Enhancing individual consent and lawful uses of personal data by organizations that collect it.
  • Mandating data transparency for all Ontarians so they are aware of how their data is used, collected and disclosed and can exercise their right to privacy.
  • Giving ways of protecting children and youth from threats such as cyber bullying.
  • Creating “a fair, proportionate and supportive regulatory regime.”
  • All while at the same time supporting Ontario innovators.

The right to privacy is supported by affirming important data rights that allow Ontarians to access, correct, transfer and dispose of their own personal information.

When “Easy-Does-It” Becomes “Easy Doesn’t”: How Technological Convenience Necessitates Cybersecurity Awareness in Business

Maximizing user convenience in exchange for data has become the key for social media, app developers, and other businesses. Especially when tools and softwares give free access, one must think how is the company benefitting?

Internet of Things (IoT) devices bring a whole new risk to companies. These IoT devices have weak security measures, and companies need to keep this in mind. Having smart appliances like fridges, lights, or remotes in company rooms can lead to cyber incidents. The more connected devices in a building, the more entry points for hackers to enter from.

Companies should strongly consider robust endpoint security measures to prevent ‘invasive’ IoT devices from penetrating their systems if they anticipate their remote workforce ever getting bored or amorous or both.

We can't emphasize enough the importance of having strong passwords, yet employees often have easy ones like "1234" or "password" thinking their company network is secure. Having a weak password can lead to an internal account breach which is when someone hacks into the network via an internal account. So, having weak passwords can not only harm your personal information but company information too.

Keep your system and networks safe by updating your software. Install updates at the end of each day so systems can remain safe.

Without software updates, the services you depend upon will run slowly, be less secure, and will leave your business open to more cybersecurity threats.