MNP is a leading national accounting, tax and business consulting firm in Canada.
Suite 2000, 330 5th Ave. S.W.
This article was originally published in French on the Droit-Inc site. It has been translated and reproduced with permission.
In an article written for droit-inc.com, MNP’s Tom Beaupre, QSA, CISSP, CISA, BS, and Corey Anne Bloom CPA, CA, CA.IFA, CFE, CFF, recently discussed new federal breach reporting rules and what the changes mean for Canadian organizations. They highlight the need to shift toward a more security-focused mindset and offer practical steps leaders can take to protect their organizations in a stricter regulatory environment with increasing cyber crime.
On the heels of the European Union’s General Data Protection Regulation that took effect in May 2018, Canada is
introducing the Breach of Security Safeguards Regulations, which all Canadian organizations will have to comply
with as of November 1, 2018.
These new regulations under the Digital Privacy Act require that all data security breaches that could create a
“real risk of significant harm” be immediately reported to the federal regulatory authorities.
With the recent news of security breaches at companies like Air Canada and BMO, the timing of these new regulations
couldn’t be better.
While the Digital Privacy Act and the Personal Information Protection and Electronic Documents Act (PIPEDA) apply
specifically to organizations that collect, use and disclose personal information in the course of their commercial
activities in Canada, the new Breach of Security Safeguards Regulations will have a broader scope. These
regulations will apply across the board to all Canadian organizations, including small businesses, in keeping with
the federal government’s Small Business Lens program.
To determine significant harm, organizations need to look at a number of factors. Aside from the risk of identity
theft, they also need to weigh the sensitive nature of the data and how it could be misused.
Could the information be used to humiliate someone? Could it damage their reputation or relationships? Could it lead
to financial loss, property loss or loss of employment, business or professional opportunities?
If an organization suffers a security breach that could create a “real risk of significant harm”, it is required to:
Despite the strong recommendation that all organizations subject to PIPEDA have an action plan in place for
protecting personal information, businesses are still somewhat in denial about the real risk of cyber attacks.
Presumably this new framework will prompt some deeper analysis as its success will depend on the willingness and
ability of organizations to realign their management, resources, internal processes and technologies.
That’s where lawyers, IT security and investigation specialists (forensic accountants) and cyber security
professionals will be valuable allies in helping to classify and identify sensitive data, preserve or recover that
data, set priorities and put protection programs in place.
Ultimately, requiring Canadian businesses to comply with these new regulations should also lead to better practices
for protecting personal information and, generally speaking, stronger cyber security as businesses try to stay one
step ahead of cyber fraud.
Tom Beaupre QSA, CISSP, CISA, BS, is a Partner and Quebec Cyber Security Leader with MNP. He can be reached at
514.861.9724 or email [email protected].
Corey Bloom CPA, CA, CA.IFA, CFE, CFF, is a Partner and Eastern Canada Leader with MNP’s Forensics and Disputes
Practice. She can be reached at 514.861.9724 or email [email protected].