The Modernization of Privacy Laws and What This Means for Your Business

In a digital world where personal information is so easily collected and may easily be used for malicious intent, concerns about privacy and the protection of personal information has become an important topic. Globally, governments have implemented or are implementing privacy laws to reflect today’s realities.   

The European Union’s General Data Protection Regulation (GDPR) which regulates personally identifiable data was one of the first modernized privacy legislations to be adopted. Other governments have followed suit or have tabled reforms to current privacy laws that they are looking to adopt.  

In Canada, on the federal level, there is Personal Information Protection and Electronic Documents Act (PIPEDA). As recently as 2020, legislation was tabled to maintain, modernize, and extend existing rules and to impose new rules on private sector organizations for the protection of personal information. Ultimately, Bill C-11 did not become law, but they are working on tabling a new bill that would reform the current protection of personal information legislation. BC is looking at reforming their Personal Information Protection Act (PIPA) and Ontario has tabled a reform document as well. Most recently, Quebec passed into law Bill 64 which experts say, will be a template for the Canadian government as well as other provincial governments for reforming the protection of personal information legislation. 

Reforms 

A few of the areas of focus of the privacy reforms include: 

  1. Privacy by Default  

An approach to systems development that requires data protection to be taken into account throughout the system development process when collecting, retaining, using, accessing, sharing or any otherwise managing a person’s personal information. This includes deactivating profiling, tracking or identification technology, and giving individuals the opportunity to expressly opt for such features in accordance with their preferences. 

  1. Greater control of personal information  

The person whose personal information is being requested has more control over the information they provide. This includes: 

  • Transparency and accountability when it comes to consent, use, access, retention and with who and when it may be shared 
  • They have the right to de-indexation (requesting that personal information ceases to be disseminated) 
  • The anonymization (person cannot be identified) of personal information once the purpose for which it was collected has been achieved 
  • Data portability which gives a person the right to access their personal information as well as the right to ask that the information be communicated or transferred to themselves or a third party  
  1. Development, implementation and publication of detailed privacy policies and practices by businesses and organizations 
  1. Reporting and notification of breaches affecting personal information 
  1. Stringent enforcement mechanisms and heavy administrative penalties and fines by privacy commission of the jurisdiction for violations and offences in addition to, the ability for private action against the violators 

What does this mean for businesses? 

The reforms that have been tabled or already enacted by various government bodies in Canada and globally include more stringent requirements and enforcement mechanism. Additionally, penalties and fines for non-compliance are much more impactful.  

If not already done, organizations will have to develop, implement, communicate internally, and make public their privacy policies and practices. I order to do this they will need to have someone within the organization responsible for privacy. The privacy will need to understand how they collect personal information. What information they are collecting. The purpose of information. Who will have access. How it will be shared. Who it will be shared with. Where it will be shared. The interaction between the data and different applications and tools. How and where it will be stored. The retention period. How the data will be protected. What the breach protocols will be. What the incident response plan will be.  

IT Service Providers, like MicroAge, can help with the security, storage, backup, and recovery of the data. To understand the impact of the privacy laws on your organization, we recommend engaging with a legal expert with specific expertise in privacy laws. 

Get the most from your IT

As service providers to more than 300 companies, the dedicated professionals at MicroAge are second to none when it comes to managed services. By improving efficiency, cutting costs and reducing downtime, we can help you achieve your business goals!

Most commented posts

Google’s Chrome 68 Web Browser Will Flag All HTTP Sites “Not Secure”

In Google's eyes, websites using HTTP are not secure, so it is marking them as such, starting in the Chrome 68 web browser. Find out why Google is taking this stance.

Read More

When It Comes to Diagnostic Data, Windows 10 Is a Chatterbox

By default, Windows 10 sends a large amount of diagnostic data to Microsoft. If you are concerned about the types of data being sent, you might want to take advantage of the Diagnostic Data Viewer. Learn how to use this tool and what you can do if you do not like what you see.

Read More

Find Out What Data Microsoft Is Saving about You

If you use Windows 10 and have a Microsoft account, you can easily see the types of data that Microsoft has stored about you. Learn where you can find this data and how to delete it.

Read More

Why Using Gmail’s Confidential Mode Is Not a Good Idea for Businesses

As part of Gmail's redesign in 2018, Google introduced the Confidential Mode to protect sensitive information sent by email. Learn how it works and why you should avoid using it in your business.

Read More

What You Need to Know about Google Tracking Your Location

Google is tracking the whereabouts of billions of its customers, even when they tell the tech giant not to. Here is what you need to know about this practice, including how to minimize the amount of data being stored about you.

Read More