Changing laws and privacy culture around the world, a growing sophistication of cybersecurity threats, innovations in response to the COVID-19 pandemic and environmental, social and governance priorities, increased data outsourcing and a peak in M&A deal activity mean that privacy issues are more prevalent than ever.
Organizations know that the consequences of failing to safeguard personal information in the face of an incident can be enormous. What steps should they prioritize to mitigate risks and mature their privacy management programs?
This article identifies our five top tips and a checklist to get you started.
1. Respond, don’t react: Accountability and governance
We are seeing a significant trend towards development and reform of privacy laws across Canada and globally. In Canada, modernization of privacy laws has generally involved enhanced transparency of organizations’ practices, increased consumer control of personal information, addressing new/emerging technology issues (such as pseudonymized and anonymized information, automated decision-making and biometrics) and bolstered enforcement powers of privacy commissioners. See BLG’s previous articles “Changes to B.C.’s public sector privacy legislation”, “Special committee recommendations to modernize B.C.’s private sector privacy law” and “Québec Privacy Law Reform: A Compliance Guide for Organizations” for more information.
Organizations should take steps to mature their privacy management programs to comply with – or to prepare to comply with – modernized privacy laws, rather than reacting to changes.