New tool to strengthen personal data security

Alberta, B.C., federal privacy commissioners work together

The federal, Alberta and British Columbia privacy commissioners have launched a new online tool that will help businesses better safeguard the personal information of customers and employees.

The Securing Personal Information: A Self-Assessment Tool for Organizations is a detailed online questionnaire and analysis tool to help organizations gauge how well they are protecting personal information, in keeping with the applicable private sector privacy law.

“In a commercial transaction, clients and customers entrust their personal information to businesses,” said Jennifer Stoddart, privacy commissioner of Canada. “They expect the organization to keep that personal information safe and to treat it with care and respect. This new tool will help organizations meet those expectations.”

The tool is comprehensive and detailed but also offers users the flexibility of focusing on areas most relevant to their own enterprise, said a release. The self-assessment and analysis process results in a framework that organizations can use to systematically evaluate and improve data-security practices.

“Cleaning up after a data breach can be very costly for business,” said B.C. privacy commissioner Elizabeth Denham. “In addition to the time and energy that need to be diverted in order to mitigate the damage, a breach can also harm an organization’s reputation and that can be much costlier than investing in better information-security practices in the first place.”

In Canada, commercial activities are subject to privacy legislation. The federal law, the Personal Information Protection and Electronic Documents Act (PIPEDA), applies to commercial activities in all provinces, except those that have enacted substantially similar legislation. British Columbia, Alberta and Quebec all have their own privacy legislation covering the private sector or commercial activities. Ontario has legislation covering personal health information, which is considered substantially similar to the federal law. Ontario has legislation that covers health information custodians and is also considered substantially similar.

Under all of these laws, organizations that collect or hold personal information must take the necessary steps to protect it from unauthorized access, collection, use, disclosure, copying, modification, disposal and destruction.

The Securing Personal Information Self-Assessment Tool is available online.

Latest stories