New Post Content

1. Inventory your data

Inventories aren’t just for tangible goods. All businesses should inventory their data, too.

“How could you possibly understand the extent of the problem if you don’t know what information you have in the first place?” Andrew asks.

2. Develop an incident response plan

It could be a hacker who shuts down your computers or a disgruntled employee selling information to your competitors (fun fact: 22 per cent of breaches come from within a company). Either way, if it happens, you need to know what to do, and quickly.

Contain

“You need to shut off the tap,” says Andrew.

That might mean reaching out to forensic experts or performing a systemwide reset, but your first job is to stop the flow of any more classified information.

Mitigate

The mitigation phase is where you’ll look at how you can reduce the harm to those who have been affected by the breach. For instance, if the breach involved a leak of financial information, it might mean offering free credit monitoring for a year or two.

Notify

In Canada, you’re required to report privacy breaches or data security incidents that cross a certain threshold, known in the legal world as a real risk of significant harm. IT professionals, lawyers, and privacy regulators (find details at the Office of the Privacy Commissioner of Canada) can help you determine what that threshold is.

Canada’s privacy law (the Personal Information Protection and Electronic Documents Act, or PIPEDA) specifies that a breach report should be made as soon as feasible, meaning as soon as you get a grip on what happened. You can and should update your reporting as more details come in.

Andrew points to the case of Ashley Madison, a Canadian dating site for those who are married or coupled. It faced a significant security breach in 2015, with user data released to the public by hackers, causing significant harm to individuals, families and reputations. The Office of the Privacy Commissioner of Canada did a thorough investigation and its report, Andrew says, serves as an example of what is expected in terms of protecting privacy and data security.

1 Comment
December 8, 2022

The best law firm in NYC! They explain everything to you and they are very generous and helpful. The lawyers are excellent and very respectful. I highly recommend the Avvocato law firm.