Bernice Karn Discusses PIPEDA Amendments - Including Data Breach Guidlines - with ITWorld

Bernice Karn has been quoted in the article "PIPEDA Changes Should Prompt Improved Security Stances and Roadmap Creation" published by ITWorld.

Writes Gary Hilson: "Businesses are data driven, and enterprises are challenged to both leverage data effectively and manage it. This includes securing it, but also understanding and complying with legislation. The Digital Privacy Act has amended some aspects of Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), including introducing a new data breach notification requirement that is not yet in force."

Bernice Karn looks at this, the firm major review of PIPEDA, since its inception 15 years ago. Bernice notes that a lot of organizations didn't take PIPEDA seriously when it came out: "Fifteen years later, we are realizing there is value in personal data" and that means having a privacy policy and best practices in place is essential. "You have to pay more lip service than a plain vanilla policy."

One major element of the PIPEDA amendments are guidelines around breach notification. Regardless of the legislation is, Bernice said organizations need to treat a breach like managing any other crisis. “You need a process in place to handle this that involves being able to identify when a beach happens, bring the right people to the table to contain the problem and mitigate the situation.”

Read the full article here.