Important changes to Canada's federal private sector privacy law take place on November 1, 2018 – mandating businesses to submit formal notification of any cyber breaches.
Cyber Security Breaches... Is Your Business at Risk?
Have you ever received a 'phishing email' that looked so real you almost clicked? What if someone in your business did? Now what?
We see it everyday, and we are always amazed at the variety of business that are impacted.
On November 1, 2018, Canadian law is changing what you need to report if this happens to your business. This is why we are reaching out to inform our community, as Cyber Insurance can now help you more than ever to negotiate this tricky technology risk.
We’ve all heard of the big companies dealing with major Cyber Security breaches. 50 million Facebook users were affected by a data breach in September 2018, 1.1 million customers of Nissan Canada Finance had their data stolen in late 2017, and 600,000 drivers for Uber had their accounts breached in 2016.
But, what doesn’t hit the news is that it happens to people and business like ours, everyday.
While these breaches are massive, Cyber Security is a growing issue for companies of all sizes. If you collect customer data and utilize an IT system in any way, then you can be at risk for a cyber attack. As of November 1, 2018, amendments to the Personal Information and Electronic Documents Act (PIPEDA) take effect in Canada.
So, what does this mean for your business?
Essentially, PIPEDA makes reporting cyber breaches mandatory. Companies will need to notify affected individuals, the office of the Privacy Commissioner of Canada and any government institution that can ‘mitigate the risk or harm of the breach'. Failing to report a breach properly can result in fines of up to $100,000.
What is Cyber Security?
Cyber Security is the process a company undergoes to protect their electronic information, as well as the data they hold about their clients. A ‘secure’ cyber environment attempts to protect the users, network, devices, software, services and systems that are coupled to your business.
What is a Cyber Security Breach?
A breach occurs when an unknown entity accesses your organizations systems or information, and then exploits that information. Whether you’re a non-profit, small business or national organization, a cyber security breach exposes your company to litigation risk.
What is Cyber Liability Insurance?
Cyber Liability coverage protects your business from several types of risk including business interruption, identity theft, reputation recovery, notification expenses, system recovery and loss or corruption of data.
What should you do before a breach occurs?
1. Evaluate Safeguards
Figure out what information you hold and in what form, then do the IT analysis to know how it’s protected.
2. Review Contracts
If you’re processing information on behalf of a client, you have obligations under contract. Ensure that there are proper privacy and data protection provisions under contract.
3. Train Employees
Ensure that employees are trained to spot email scams and implement security awareness training.
4. Review Insurance Coverage
Does your cyber coverage include the details specific to your business? Are your premiums high enough to sufficiently protect you?
5. Create a Breach Response Plan
How will the incident be handled? How will your team members communicate?
6. Test the Plan
If your business owns any vehicles, they will need to be insured. Note that it is important to notify your broker if you currently use your personal vehicle for business.
Cyber Security is Important for Businesses of All Sizes
Whether you have 3 employees or 3,000, if you capture customer data, Cyber Security should be a concern. The changes to the privacy law announced today means it's is your duty to ensure that the data you collect is protected.
Does Your Business Policy Include Cyber Insurance?
If you don't know the answer to this question it's a good idea to speak to your commercial insurance broker sooner than later. As your trusted insurance advisor, your broker will be able to help you understand the impact on your business of the changes to Canada's federal private sector privacy law.