|
Privacy Advisory Services
|
There has been significant changes to privacy regulations around the world, and consequently the protection of personal information has become a critical and necessary activity for all organizations. The frequency and magnitude of privacy breaches has increased dramatically as businesses move activities online. As a result, Boards and executive management need to be more focused on information management and the protection of personal data. IaS can advise on best practices relating to privacy and data management.
The EU's General Data Protection Regulation (GDPR) imposes strict privacy requirements on any organization doing business with EU residents. The regulation is more prescriptive than most other privacy laws and requires organizations to take specific actions to ensure compliance. IaS can assist organizations plan and monitor GDPR compliance.
Legal and Regulatory Privacy and Disclosure requirements:
Canada has privacy legislation covering the public and private sectors both federally and provincially. Besides generic privacy legislation, legislated privacy torts exist in British Columbia, Saskatchewan, Manitoba and Newfoundland and Labrador, allowing individuals to sue for invasions of privacy even if there are no financial detriments.
Personal Information Protection and Electronic Documents Act (PIPEDA)
Under the breach notification provisions of the Personal Information Protection and Electronic Documents Act (PIPEDA), it is mandatory to report breaches to affected individuals and the Privacy Commissioner of Canada "as soon as feasible after an organization determines that a breach has occurred." Similar breach reporting requirements exist under provincial legislation in Alberta and, for the healthcare sector only in other provinces.
Canada has privacy legislation covering the public and private sectors both federally and provincially. Besides generic privacy legislation, legislated privacy torts exist in British Columbia, Saskatchewan, Manitoba and Newfoundland and Labrador, allowing individuals to sue for invasions of privacy even if there are no financial detriments.
Personal Information Protection and Electronic Documents Act (PIPEDA)
Under the breach notification provisions of the Personal Information Protection and Electronic Documents Act (PIPEDA), it is mandatory to report breaches to affected individuals and the Privacy Commissioner of Canada "as soon as feasible after an organization determines that a breach has occurred." Similar breach reporting requirements exist under provincial legislation in Alberta and, for the healthcare sector only in other provinces.
Privacy Advisory Services - What we do:
IaS provides a full suite of services to assist organizations in planning, developing and implementing effective and efficient programs to manage personal information and comply with privacy regulations and legislation. We offer the services of highly qualified experts with many years of experience in privacy, information security and information management.
IaS provides a full suite of services to assist organizations in planning, developing and implementing effective and efficient programs to manage personal information and comply with privacy regulations and legislation. We offer the services of highly qualified experts with many years of experience in privacy, information security and information management.
Our Privacy Management & Data Security solutions include::
Risk Assessments & PIAs | Privacy Plans | Policies & Procedures | Data Inventory | Training | Dashboards | Vendor Assessments | Breach Response Plans
|
Privacy Policy Development
We assist organizations by creating and refining privacy policies and procedures and related controls to fit with the regulatory, legal and business environment that impact operational activities. |
Risk Assessments & Privacy Impact Statements
A privacy impact assessment (PIA) is a process used to determine how a program or service could affect the privacy of an individual. A PIA is a way for an organization to state its commitment to protect the privacy of individuals. Our assessments are tailored to each organizations unique risks and business and cost requirements. |
|
Data Governance / DPR Data Protection Officer:
IaS can assist with defining the role of a DPO and provide support for this critical activity - “The controller and the processor shall ensure that the data protection officer is involved, properly and in a timely manner, in all issues which relate to the protection of personal data.” The DPO should only report directly to the highest level of management at the organization. |
Data Inventory & Classification
IaS works with organizations to prepare a complete inventory of data and where it is stored. We assist in rationalising data about customers, vendors and employees to improve business operations and regulatory compliance. The IaS team can review, refine an organization's data classification policies and procedures to more efficiently comply with regulations, and to derive more value from your data. |
|
Data Leakage
Data leakage is a key risk and if controls are inadequate, the financial and regulatory consequences to organizations can be devastating. IaS can assist in determining where critical data resides and what data is at risk of intentional or unintentional leaking. We can design a data leakage prevention strategy, programs, technologies and monitoring controls to mitigate the risks. |
Vendor Due Diligence
While many organizations outsource operations, responsibility for this risk cannot be outsourced. Assessing and monitoring vendor's privacy and data management controls is more complex than monitoring one's own. Our professionals have extensive experience advising clients with their vendor programs. |
|
Privacy Dashboards
Dashboards provide a holistic view to provide insights from a privacy program management.
|
