Suffering a cyber attack is an IT department’s worst nightmare. The risk of sensitive data being corrupted, stolen, or exploited is a real one, and many IT professionals work hard to prevent this from occurring. New Canadian laws, as part of the Digital Privacy Act, mean keeping your data safe is more important than ever. This new legislation will require companies who have experienced a ransomware attack, or other type of cyber data breach, to log and report them. Companies that have suffered a ransomware attack or data breach may not only have to disclose to the public that they’ve been attacked; they will also be required to “be more proactive about disclosing specific risks that could lead to attacks in the future,” according to a CBC article. What’s more, the article reports that failure to log or report a data breach could result in fines of up to $100,000.
Lawmakers hope that this mandated transparency will force companies to implement smarter strategies and better protection for their customers’ private data. The Canadian Securities Administrators found that many publicly traded Canadian companies fail to proactively disclose potential security risks to users when collecting sensitive personal information. Their intention is to encourage businesses to take a more active role in educating customers and users about the potential security risks that exist when they provide personal information.
In 2017, the numbers are even higher. While not all hacking attempts are successful, this number does indicate that Canadian companies need to be more vigilant about their data protection, especially where sensitive personal user information is concerned. The technology behind ransomware attacks is also becoming increasingly sophisticated, meaning that companies need to be on the cutting edge of cyber protection technology.
New rules of transparency will make it crucial for companies to have a data protection plan in place. Government requirements about data security transparency mean that businesses stand to lose more than just data if they suffer a hack; their customers’ trust is also at stake. It’s likely that these reporting laws will take effect in late 2017. This means companies need to start making a game plan for their data protection as soon as possible.
In our next blog, we’ll be digging deeper into data security with Steve McGeown of RootCellar Technologies, a company producing advanced new security technologies that help businesses keep up with the ever-changing world of cyber threats. Stay tuned!