Ontario is getting closer to creating its own provincial privacy law that would include a right to privacy and a corporate obligation to report privacy breaches because the federal privacy legislation, which Ontario has to rely on, is flawed.
Quebec, British Columbia and Alberta have their own private sector privacy laws. The other provinces and territories follow the federal Personal Information Protection and Electronic Documents Act (PIPEDA). The Liberal government has proposed overhauling PIPEDA with a new law to be called the Consumer Privacy Protection Act (CPPA, also known as Bill C-11).
The penalties are severe.
The maximum administrative penalty for violating the law is $10 million or three per cent of an organization’s gross global revenue. For failing to report a breach of security safeguards, failing to abide by a compliance order or re-identifying personal information that had been de-identified, an organization might be penalized up to $25 million or five per cent of its global revenue.
The provincial privacy law would cover non-commercial organizations such as charities, not-for-profit organizations and trade unions, as well as non-commercial activities. These groups wouldn’t be covered under the CPPA.
Briefly, the white paper suggests passing a law that checks the following:
The right to privacy is supported by affirming important data rights that allow Ontarians to access, correct, transfer and dispose of their own personal information.
Maximizing user convenience in exchange for data has become the key for social media, app developers, and other businesses. Especially when tools and software are free to use, one must ask how the company is benefiting.
Internet of Things (IoT) devices bring a whole new risk to companies. These IoT devices have weak security measures, and companies need to keep this in mind. Having smart appliances like fridges, lights, or remotes in company rooms can lead to cyber incidents. The more connected devices in a building, the more entry points hackers have.
Companies should strongly consider robust endpoint security measures to prevent ‘invasive’ IoT devices from penetrating their systems if they anticipate their remote workforce ever getting bored or amorous or both.
We can't emphasize enough the importance of having strong passwords, yet employees often have easy ones like "1234" or "password", thinking their company network is secure. A weak password can lead to an internal account breach, which is when someone hacks into the network via an internal account. So weak passwords can harm not only your personal information but company information too.
Keep your system and networks safe by updating your software. Install updates at the end of each day so systems can remain safe.
Without software updates, the services you depend upon will run slowly, be less secure, and will leave your business open to more cybersecurity threats.