Personal Information & Data Privacy in Canada: What is PIPEDA? Does PIPEDA apply to your…
Protecting Your Online Privacy
There are different ways of approaching digital security from a legislative point of view. Indeed, cybersecurity legal frameworks are usually composed of:
- System protection
System protection includes provisions that aim to protect Information Technology (IT) infrastructure. Relevant examples are the directives and recommendations aimed at the 16 critical infrastructures designated as such by the Obama administration in Executive Order 13636. As for proprietary information protection, it is often covered by intellectual property regimes and contractual agreements.
- Data protection
Data protection is widely addressed through the right to privacy, which entails significant restrictions on how organizations must store personal information.
Some industries are governed by general laws, such as PIPEDA, whereas highly regulated industries such as the financial and healthcare sectors have specific regulations.
For instance, American federal securities laws and Financial Industry Regulatory Authority (“FINRA”) rules require that business-related electronic records be kept in “write once, read many” (“WORM”) format, which prevents alteration or destruction. On December 21, 2016, FINRA sanctioned 12 firms based on this requirement, for a total fine of $14.4 million.
- Proprietary information protection regulations
In this context, it is critical for executives and security professionals alike to understand their obligations in terms of information security under privacy regimes. We gathered a few resources to stay up to date on privacy and cybersecurity:
Privacy and Cybersecurity Resources to Bookmark
- [Canada] The Privacy Commissioner of Canada – see especially the Application of PIPEDA to employee records, the Guidelines for processing personal data across borders, this Privacy quiz for businesses and the Guide for Businesses and Organizations.
- [Int’l, $] Teach Privacy – Privacy Awareness Training Program for Employees, covering a wide variety of subjects like privacy law overviews per region, the relationship between privacy and security, etc.
- [CA] Eloise Gratton – Privacy & IT Law Blog
- [US] Proskauer Law Firm Privacy Blog
- [US] Covington Law Firm Inside Privacy Blog
- [EU] Privacy Europe – Blog
- [CA/US] Dentons’ Privacy and Cybersecurity Law Blog
- [CA] Michael Geist’s Blog on Privacy (Critical perspective)
Twitter Accounts to Follow
Want to know more and be updated on privacy matters in real time? Follow these Twitter accounts:
Of course, you can add us on Twitter as well: @HitachiSysSecurity!