In the movement to give consumers more control over their personal data, Canada has been a pioneer. Its first data privacy regulation, the Personal Information Protection and Electronic Documents Act, was passed in 2000 — long before GDPR and other privacy regulations began sweeping the globe.
But that hasn’t stopped data privacy and security incidents from troubling Canadian consumers, with PCI Pal research revealing that over one-third of Canadians have fallen victim to a data breach. With all eyes on security and privacy, and cyber criminals exploiting the current, unprecedented global situation, it’s more important than ever for Canadian businesses to ensure compliance and security.
The state of regulations
Across Canada, there are currently 28 regulations pertaining to the protection of consumers’ personal information. This may seem like quite a lot; however, not all pertain to businesses.
The Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s oldest and most sweeping data privacy regulation, governs any private sector organisation operating in Canada that collects, uses or discloses consumer data in the course of any commercial activity. Similar to its European counterpart, the GDPR, it requires that organisations obtain consent before collecting any personal data, make available upon request any personal data collected, and ensure data is kept secure and private.
In addition to PIPEDA, there are several regional regulations that govern how businesses use consumers’ personal data, including the Personal Information Protection Act Alberta, Personal Information Protection Act BC and the Quebec Privacy Act. These ensure additional protections for both consumer and employee information within those regions.
The cost of non-compliance
For businesses operating in Canada, the consequences of non-compliance can be costly and far-reaching. Companies can be fined up to $100,000 for failing to comply with PIPEDA. But that’s not the only financial risk — PCI Pal’s research showed that 35 percent of Canadian consumers will spend less or stop spending completely with organisations they believe may have insecure practices when it comes to their personal information. It is in any Canadian organisation’s best interest to take data security seriously — after all, the country is a pioneer in data protection.
Complying with the PCI DSS can help to ensure any personal data your company collects remains secure. The PCI DSS is the highest standard for payment security, helping organisations ensure sensitive payment details are kept secure. When you achieve and maintain PCI Compliance, your customers can rest assured their information is safe from hackers, and your company can ensure it is in compliance with PIPEDA and any other data privacy regulations.
The post "Compliance in Canada Today" was posted on Security Boulevard.