IT'S MORE THAN SECURITY WHEN IT COMES TO PROTECTING YOUR BUSINESS ONLINE.

            Since 2019, I've co-presented a workshop on privacy and protection with a local IT firm that offers high-quality regulated IT services to small and medium-sized businesses (SMBs). They put in place and track technological protections with their customers, however, if their job isn't backed up with a protection policy, they're more likely to contend with data leaks that should have been avoided. These presentations are some of my favorites because they combine privacy and IT to minimize harm, improve data security, and assist companies in growing and succeeding.

 IT'S MORE THAN SECURITY WHEN IT COMES TO PROTECTING YOUR BUSINESS ONLINE.

1 - What does protection bring to the table that IT protection does not?

            After you have the info, IT protection protects it. It doesn't look at what data you have, how you got it, what you do about it, how you exchange it, how long you hold it, how you destroy it, or why it was given to you in the first place. All of this is essential because if the company is based in British Columbia (BC) and receives, utilizes, or discloses personal details (PI), you must follow the Personal Information Protection Act of BC.

 IT'S MORE THAN SECURITY WHEN IT COMES TO PROTECTING YOUR BUSINESS ONLINE.

2 - The Personal Information Protection Act (PIPA) is a federal law that protects personal information.

            The Personal Information Protection Act, which went into effect in January 2004, establishes the laws by which private sector entities may obtain, utilize, and report PI from staff, consumers, and shareholders, as well as requiring organizations to defend and safeguard PI against improper use or disclosure.

            The PIPA is overseen and enforced by the Office of the Information and Privacy Commissioner for British Columbia (OIPC). Its responsibilities involve reviewing and handling privacy concerns, as well as conducting reviews and audits of organizations where there are appropriate reasons for non-compliance or whether it is in the public interest.

2.1 - What do I do to comply?

            Organizational engagement, program controls, and continuous evaluation and appraisal of program controls are also part of compliance. To learn more about what you need to do to ensure your company is legal, consult the OIPC's guidance manual, Getting Accountability Right for a Privacy Management Program.

 IT'S MORE THAN SECURITY WHEN IT COMES TO PROTECTING YOUR BUSINESS ONLINE.

2.2 - Why should this be a top concern for me?

            Protecting personal information shouldn't simply be something you do to comply with the rules. It's the moral thing to do from a standpoint of honesty and dignity. And when they offer you their personal information for a particular reason, individuals keep ownership of it. They trust you to protect their personal information, much like you might expect most companies who gather your personal information to protect it for you.

            SMBs had a lot more to lose in terms of risk and expense from data breaches. They simply lack the financial capital and capacity to rebound from a significant hack, as well as the ability to withstand the harm to their image, as big corporations do.

            Additionally, businesses that foster a good privacy culture are well placed to minimize human error in data breaches, increase brand equity by trust-based loyalty, distinguish themselves from the market, and respond rapidly to regulatory changes.

 IT'S MORE THAN SECURITY WHEN IT COMES TO PROTECTING YOUR BUSINESS ONLINE.

2.3 - What is the significance of this right now?

            Provincial privacy legislation in Canada would be somewhat close to federal legislation. Bill C-11 is now in its second reading in Ottawa, and this controversial new federal legislation has a provision allowing the privacy commissioner to seek access to an organization's privacy protection software at any time. Given that putting one together may take months, I would suggest you get started right away. Why wait while you can start reaping the gains of enforcement right now?

            Marilyn Sing is a privacy specialist who specializes in assisting small to medium-sized companies in complying with the Personal Information Protection Act of British Columbia.

            Study the main points of BC's Personal Information Protection Act by attending Marilyn's live and interactive webinar, Privacy Law: Navigating Regulations and Avoiding Breach, on July 19, 2021. (PIPA).