Every day we generate more and more data, and we hope that companies use that data to develop better products and services. But hope, as they say, is not a strategy.
As a security services company, you are responsible for protecting your employees’ and clients’ data. So perform due diligence when selecting a technology software provider and choose one who has the proper data security processes and safeguards in place. Remember that when you select a software provider, you are entrusting them with sensitive data. For security service companies, that data likely includes confidential lists of clients, contracts, employees, employee contact information, pay rates, payroll information, and more. Onsite, security officers share real-time GPS locations, incident reports, and patrol routes – data that could be misused for criminal purposes.
Security service companies should expect the highest standards of development, data, and privacy from their technology partners, and should ensure that their provider has the proper risk and mitigation processes in place to protect data from malicious users or mishandling. Mishandling data carries significant costs: not only may you be exposed to lawsuits from clients and employees, but there may also be legal ramifications in your own country.
Data protection legislation is now a global reality, and we are constantly being bombarded with requests to access, use, and share our personal information. Data breaches are almost routine, and recent figures from Risk Based Security reveal that 2020 was the “worst year on record” with 36 billion publicly reported breaches. With the introduction of new technologies like the use of artificial intelligence (AI) in profiling and facial recognition software, it’s not clear to most of us how our personal information is being used or abused.
For the past 20 years, Canada has relied on the “Personal Information Protection and Electronic Documents Act” (PIPEDA) when it comes to the protection of personal data collected by the private sector. The year was 2000, and Canada was scrambling to build consumer confidence around a new online commerce model. So a set of rules (which became known as PIPEDA) was quickly drafted and tacked on to the existing “Canadian Standards Association Model Code for the Protection of Personal Information.” In reality, it was a piece of cobbled-together legislation without much in the way of substance or enforceability.
Legislators around the world have been working to change legislation when it comes to the protection of personal information. Europe led the charge in 2016 with the “General Data Protection Regulation” (GDPR), and then California introduced the “California Consumer Privacy Act” (CCPA) in 2018. Quebec and Canada are not far behind.
On June 12, 2020, Quebec introduced Bill 64, “An Act to modernize legislative provisions as regards the protection of personal information.” Then on November 17, 2020, the Canadian government proposed Bill C-11, the Digital Charter Implementation Act (DCIA), with a view to modernizing the framework for the protection of personal information in the private sector and giving us confidence that our data is safe and our privacy is respected.
This legislation takes a number of important steps to ensure that Canadians will be protected by law, even as technology continues to evolve. Some highlights:
Meaningful consent: The legislation provides specific guidelines for what is considered meaningful, valid consent for the collection and use of personal information.
Control and transparency: The law allows individuals to ask for an explanation of how their personal information was used or obtained.
Data mobility: The legislation opens the door to data portability, and the freedom to move information from one organization to another in a secure manner.
Penalties: The law provides for the strongest fines among G7 privacy laws—with fines of up to 5% of revenue or $25 million, whichever is greater, for the most serious offenses.
Canadian government officials have indicated that there will be a grace period for businesses to get ready for the new legislation, and no date has currently been set for when Bill C-11 will come into force. It’s never too early for businesses to start looking at their current practices and identify potential issues that could hinder their ability to meet their new compliance obligations.
At TrackTik, we take data privacy very seriously. The security of our workforce management software and the customer data stored in our cloud is critically important to us. In 2020, TrackTik successfully met the criteria set out by the AICPA (American Institute of CPAs) to comply with SOC2 Type Security Principles. Complying with SOC2 Type II Security Principles and practicing security by design, which means that our engineers have designed TrackTik software to be secure from the very start, clearly demonstrates TrackTik’s continued dedication to ensuring the security of our customers’ data.