“A law that modernizes legislations respecting the protection of personal information”
Clearly, yes; every individual working for an employer is and will be held responsible for his or her personal information as well as that of others. A simple and very common example of a confidentiality incident under the law is the intentional or accidental inclusion of personal information in Outlook and Google contact profiles. “Personal information” under the new law could be a mobile phone number, personal email and physical address, children's names, SIN, birthdays, etc. stored in most organizations’ databases.
Therefore, it’s critical to be involved now to avoid the risk of damaging legal ramifications.
Here are the three challenging questions to ponder:
If not yet, please know:
3- What and where are the personal information confidentiality breaches within your organization?
It's imperative to update your organisation’s governance and compliance processes with respect to the law. This is a daunting challenge for any organisation these days and the complexity is tied to the number and type of blindspots your environment holds.
This latest chapter in the fast-paced and ever-changing practice of cybersecurity will surely become headline news in the months and years ahead.
As of September 22, 2023, failure to comply with these obligations could result in penal fines and penalties. Law 25 will finally take full effect on that same date in 2024.
Your NOVIPRO team can help your organization with the process, from start to finish.
You can also find a conference on Law Bill 25 that was given at our CyberEX event by clicking HERE.