Canada is poised to become a world leader in privacy regulation, and with new regulation come record-breaking fines for those who can’t keep up.
In November, Canada introduced the Digital Charter Implementation Act. If passed, companies could face fines of up to five percent of global revenue or $25 million CAD — whichever is greater — for violating Canadians’ privacy. That’s one of the heaviest fines among the G7 and has the potential to outstrip the 4% under the European Union’s General Data Protection Regulation (GDPR).
Canada is looking to follow the European Union, California, and other jurisdictions around the world that are strengthening their data protection and privacy laws. Why now? Innovation Minister Navdeep Bains has cited the coronavirus epidemic and the rapid increase in Canadians’ reliance on digital technology.
That growing dependence means a treasure trove of data — especially personally sensitive or identifiable data — is moving online.
But as data and regulation of data grow, compliance departments are seeing cuts, adding even more risk. According to the Financial Times, a third of organizations say they lack the resources to manage compliance for new technology. And it’s not like businesses can forgo customer data to avoid fines: data makes and breaks companies in the 21st century. While huge multinationals may be able to stomach a 5% fine, albeit painfully, those same fines could crush ambitious smaller competitors. With a patchwork quilt of different laws blanketing business operations around the world, avoiding costly errors in all jurisdictions can quickly turn from a headache into a minefield.
And then there are the added implications such heavy fines have for data security. As well as compliance within everyday operations, data breaches take on a whole new level of risk.
Corporations are obligated to ensure personal data is exposed in the right way to the right people. At the same time, evolving regulation necessitates adaptable and innovative business practices. Even more important is recognizing that good governance enables the opening up of more data to more users, which leads to more use cases being deployed and more insight as well as value created. To find balance between security and agility, there is no choice but to make data privacy a core business process alongside sales and marketing, accounting, and customer service. Establishing a data privacy process is no longer optional for a successful business.
Privacy by Design
The first step towards protecting against privacy missteps is Privacy by Design.
Founded by Dr. Ann Cavoukian, Privacy by Design is a framework that “[…] seeks to proactively embed privacy into the design specifications of information technologies, networked infrastructure, and business practices […]”. The framework incorporates seven foundational principles designed to ensure organizations gain a sustainable competitive advantage by preventing privacy infractions and data breaches from occurring, right from the outset.
Enterprises embedding Privacy by Design into the fabric of their operations adopt safeguards as a core function of their operations, with the people, processes, and enterprise data management technology to support it.
Privacy becomes a proactive, strategic function, not something that occurs only after a breach. Data management that respects individual privacy, complies with regulations, and allows organizations to uncover insight and value faster becomes a regular part of how the company operates.
There are four steps organizations can take to build Privacy by Design into their business process.
- Define a data strategy, classify sensitive data, and document how it is used.
- Evaluate the data strategy for compliance with privacy regulations.
- Adjust the data architecture to ensure support for new and existing use cases.
- Implement the data strategy on an enterprise data platform so that all data can be consistently managed from one place.
Cloudera Data Platform (CDP)
CDP was built with 21st-century data strategies and evolving privacy regulations in mind and is the only enterprise data platform that manages all your data from one pane of glass.
Cloudera technology identifies sensitive data, encrypts, manages access, and monitors appropriate use. As the Canadian parliament moves toward adopting the Digital Charter Implementation Act, Cloudera customers will be able to prove compliance with those new regulations quickly and simply. By managing all data and the processes that use it through a single pane of glass, Cloudera customers know their data and know it’s used properly, wherever in the platform it is used and across all clouds. With record-breaking fines looming, that ability could save your business. To learn more, read Cloudera’s Data Privacy as a Core Business Process white paper.