On November 17, 2020, the federal government introduced Bill C-11, the Digital Charter Implementation Act, 2020 (DCIA), which, if passed, will significantly reshape the Canadian privacy landscape. Organizations handling personal information must consider how the CPPA could impact their operations and take steps to implement the necessary data protection procedures to meet their obligations under the new law.
Canadian companies doing business with partners based in the EU – and where personal data collection, use and/or disclosure could take place – cannot lose sight of the impact the General Data Protection Regulation (GDPR) may have on their operations, especially when it comes to the cost of non-compliance.
Nova Scotia recently became the eighth province to onboard the federal government’s COVID-19 exposure notification application. Public health officials believe that if it is widely used across Canada, COVID Alert has the potential to provide an efficient way of tracing the virus. However, the introduction of this tracking technology into the national COVID-19 response presents new privacy issues for Canadians to consider.
In late March, Canada’s Communications Security Establishment warned researchers across the country to secure their COVID-19 data because “sophisticated threat actors” were exploiting the chaos of the pandemic in an effort to steal critical vaccine research. However, there has been little to no discussion beyond the CSE’s repeated warnings as to just what is being done to protect the important work of our local health and science experts.
Ransomware and phishing attacks are on the rise, as are the significant legal and economic considerations that follow. As businesses adapt to the “new normal” of extreme uncertainty caused by the COVID-19 pandemic, countless employees are faced with the prospect of working remotely in a variety of new (and sometimes less-than-secure) environments. Cybercriminals have taken notice.
Local and global data breaches remain headline news. From Facebook’s disclosure of its sharing of millions of users’ profiles (without their consent) to the recent data breach involving the Nova Scotia government’s Internal Services website, awareness is growing about privacy rights, how people share data, and how personal information is protected.
For any business today, the reality of day-to-day functioning and management involves mass-communication, networking, marketing, and the organization of important confidential information on secured computer networks.