2023 Fintech and Financing Conference & Expo

Why You Should Review Your Data Governance and Privacy Risks in Canada

BLG | Éloïse Gratton | Nov 2, 2022

Canada privacy and cyber security - Why You Should Review Your Data Governance and Privacy Risks in CanadaUnder Canadian law, corporate directors are responsible for their corporation’s business, including risk identification and management activities, and are required to demonstrate a duty of care.

  • Yes, it's important:  Regulators aren’t the only ones watching. Cybersecurity was the second-highest environmental, social and governance (ESG) concern cited by institutional investors and consultants in a 2021 RBC report, and proxy advisors routinely rate companies on their cyber and privacy practices under the governance category of ESG scoring.

See:  Modernizing Privacy Law in Canada – Striking the Right Balance

  • Privacy risks for Canadian organizations:
    • Legislation:  In both Canada and the U.S., data protection laws are becoming more stringent as both jurisdictions slowly catch up to Europe’s GDPR, which was adopted in 2018 and is considered the global gold standard when it comes to protecting privacy.
    • In Canada, Québec was the first jurisdiction to adopt a data protection law approximately 30 years ago and the first jurisdiction to update its law to align with the new EU privacy framework earlier this year, with other Canadian jurisdictions recently following the lead with Bill C-27.
    • Privacy class actions on the rise: More than 150 privacy class actions have been filed in Canada in recent years, mostly in Ontario, Québec and B.C. Approximately 70 per cent are filed following a data security breach. The rest are for “privacy intrusive practices,” which are invasions of privacy resulting from:
      • A lack of transparency with consumers when collecting or processing their personal information.
      • Failing to obtain proper consent.
      • Unacceptable practices involving the collection of personal information, including over-collection.
      • The use of new technologies involving surveillance or monitoring.
    • Fines and penalties for non-compliance:  Québec was the first in Canada to do this, introducing a new private right of action and administrative monetary regime with potential penalties of up to $10 million or 2 per cent of revenue for non-compliance with the law and penal offenses for certain infractions of up to $25 million or 4 per cent of revenue.
    • Shareholder law suits:  In the U.S., we’re seeing more shareholder derivative lawsuits being filed against corporate boards following data breaches.

See:  Office of the Privacy Commissioner Announces Digital ID Ecosystem Resolution to Ensure Transparency and Privacy

  • Privacy and C-suite and board checklist to assume an active role with direct oversight of the privacy and cyber risks affecting their corporation and stay abreast of the changing regulatory landscape:
    • Purpose, Strategy, Visibility, Program Development, Readiness, Outsourcing, Adaptability, Business transactions, Cyber security, Money

Continue to the full article --> here


NCFA Jan 2018 resize - Why You Should Review Your Data Governance and Privacy Risks in CanadaThe National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org

Latest news - Why You Should Review Your Data Governance and Privacy Risks in CanadaFF Logo 400 v3 - Why You Should Review Your Data Governance and Privacy Risks in Canadacommunity social impact - Why You Should Review Your Data Governance and Privacy Risks in Canada

Support NCFA by Following us on Twitter!







NCFA Sign up for our newsletter - Why You Should Review Your Data Governance and Privacy Risks in Canada




 

Leave a Reply

Your email address will not be published. Required fields are marked *

three + 19 =