Canadian security and privacy experts offer 5 recommendations to prepare for breach notification legislation and adopt mature data protection measures
Toronto, ON, December 30, 2009 — Following recent public breaches in the private and public sectors in Canada, Alberta’s announcement of the arrival of a breach notification law is a welcome one. The recent BC privacy breach of 1400 social assistance accounts was compounded by the failure to notify the victims for seven months. This type of failure to notify the public should be prevented by new Alberta and BC laws requiring public and private organizations to disclose security and privacy breaches.
According to Canadian security and privacy expert Claudiu Popa: “The lack of breach notification legislation in Canada has been, for the past few years, a key point of divergence in the mature adoption of security and privacy best practices. With nonexistent requirements for disclosing security and privacy breaches, we have had a lax climate of security awareness and technology adoption here in Canada, leading to events that have almost always been more serious than they needed to be”. Claudiu Popa is a certified security and privacy consultant, and president of Toronto-based Informatica Security Corporation. He is also the author of the Canadian Privacy and Security Toolkit, published by the Canadian Institute of Chartered Accountants, and a trusted media resource:
“Our own research no doubt mirrors what Privacy Commissioners have been supporting all along, and that is the fact that accountability and awareness of privacy and security breaches can be effectively catalyzed by effective notification requirements”. With the imminent adoption of Alberta and BC breach notification provisions, the Federal government is expected to follow suit, thus expanding these requirements across Canada.
Popa recommends that businesses prepare for these changes well ahead of time and incorporate the following best practices based on proven, globally-accepted standards:
1. Implement and test an enterprise-wide incident management plan
2. Adopt regular, verifiable security awareness training
3. Ensure that policies are communicated and understood
4. Perform regular security assessments at different operational risk layers
5. Appoint the right people in key security and privacy roles, and support them
For more information or to request an interview, contact Claudiu Popa.
About Informatica Security Corporation
Informatica Security offers IT and security governance solutions that span the entire range of information risk best practices.
Founded in 1989, Informatica Security and Privacy is a leading information risk management consulting firm focused on providing unmatched expertise to enable client organizations to control and mitigate information security risks, meet compliance challenges, alleviate the effects of wrongsourcing and adopt proven standards and best practices for exceptional governance. The firm’s FlexSecure™ risk assessments and professional audits, FlexProtect™ security management, STORM™ (Scalable Techniques for Operational Risk Management) and WorkLife™ Security and Privacy Awareness training solutions are proven best-of-breed solutions that scale to meet the business and compliance requirements of diverse industries.
For additional information, please visit www.PrivacyImpact.com and www.PrivacyImpactAssessment.com.
Informatica Security and Privacy, Informatica Education, Informatica Research, the Informatica logo, FlexSecure™, FlexProtect™ and WorkLife™, VirtualCSO™ and VirtualCPO™ are trademarks or service marks of Informatica Corporation. All Informatica white papers, proprietary research, Web site content, presentations, communications, policies and Informatica-branded documentation are Copyright © Informatica Corporation and permission must be specifically granted for use by any party. All other brands or product names are trademarks of their respective companies, organizations or standards bodies.
For media enquiries and enterprise engagements contact: Claudiu Popa, CISSP, PMP, CISA, CIPP, CRMP, President & CSO, Informatica Corporation, 416-431-9012, [email protected]
On the web: LinkedIN.ClaudiuPopa.com, Twitter.ClaudiuPopa.com, Book.ClaudiuPopa.com, Blog.ClaudiuPopa.com