Law Requires Canadian Companies to Disclose Information about Data Breaches

Data breaches are an ongoing threat for Canadian consumers, and new reports say regulations to protect them are finally going to be put in place.

The new law takes effect on November 1, 2018. Under this new legislation, all Canadian companies will be mandated to tell consumers when a data breach has put their personal information at risk. A little research shows that the original Digital Privacy Act was in fact enacted in 2015 to accomplish the same goal.

Under this new law, Canadian organizations will need to provide the following:

• A full description of the data breach that will include the type of data that is at risk.
• How any consumers that have been affected by the breach can take steps to reduce their risk going forward.
• A full accounting of how the company involved has taken steps to reduce any of the consequences.
• A full detailed accounting of how each individual who is affected can use the company’s complaint procedure.

There’s more information about the Digital Privacy Act available through the Office of the Privacy Commissioner of Canada.

What to Do If Your Business Is Hacked or Has a Data Breach
Unfortunately, in today’s business world data breaches are a fact of life. Cyber criminals are constantly evolving their tactics and plans of attack. Here are a few quick things you can do when you find out there’s been a data breach.

Suspend Operations
Getting any affected devices offline as quickly as possible can minimize damage. However, it’s important not to shut anything off right away because you might make the situation worse. Wherever possible, it’s a good idea to take a screenshot so you can check for any clues after the attack is over.

Change Passwords
Keep in mind that many data breaches rely on compromised passwords. That’s why it’s a good idea to change them as soon as possible. This is a great way to stop the data breach in its tracks if it’s ongoing.

Assess the Damage
Once everything is stabilized, it’s time to find out what systems and other parts of your network have been compromised and/or damaged. This is when you want to find out what information has been accessed and how many of the systems in your network have been utilized in the attack.

Keep in mind the only way you’ll be able to prevent another attack is by carefully going through this process.

Find Out How the Attack Happened
It’s essential to find out not only what happened, but how it happened. At this stage you should be looking at several variables, like an employee giving out a password to another person. Take a look through your system to see any areas where you are missing an updated patch.

It’s also a good idea to take a look at your supply chain. It’s often the case that a company being targeted can be attacked from several different areas at once.

Find the Fix
Once you’ve gone through all the other steps, you’ll be able to find the fix to make sure the problem doesn’t happen again. The changes you might need to make can include updating firewall rules, running more antivirus and malware scans, or maybe just updating the existing software you have.

Keep in mind that every data breach occurs because of some gap in your security. Sometimes, all that’s needed is to bring in a two-tiered authentication process. Staying on top of all the latest viruses with a subscription to an appropriate service is another great idea.
