14th Annual Privacy & Security Conference off to a flying start


Roland Davis 07/02/2013

I have the pleasure of attending this year’s 14th Annual Privacy & Security Conference.  I haven’t attended this conference for years (I think I went to the 2nd or 3rd annual conference as a vendor), and it has certainly become a meca for all things related to IT security and public privacy with attendees from all across Canada.

I was able to attend a great session put on by the Office of the Information and Privacy Commissioner of Alberta.  Alberta is the only province in Canada which requires mandatory reporting of a breach of personal informational to be reported to the Commissioner’s office.  There is a fine of $100k for organizations that don’t do this in a reasonal time frame.

So what type of impact does this have on businesses?  Well, anyone that is collecting information in Alberta about Albertans could be affected by this legislation.  So a Toronto based company that collects information via a website would be affected because the collection is done on the individual’s computer in Alberta.  

And what types of breaches can happen?  examples included using recycled medical records for puppy bedding, sending out sensitive employee data via email, hackers connecting to databases, mailing letters to the wrong address, and the list goes on… The Commissioner’s office investigates the cases that have a real risk to cause harm to the individual, such as loss of reputation, financial loss, or identity theft.  

So what causes most breaches?  Well human error is listed as the top reason, followed by theft, and poor security of IT assests.  In the case of the last point, identity and access management solutions can significantly reduce the risk of having a breach of personal information.  Having strong password policies and locking down high, priviledged accounts can dramatically reduce hacker’s abilities to cause a breach and if a breach does occur, using tools like these will often assist in providing an audit trail: valuable evidence that your organization is being diligent.

The session was very well done!  It is days like these that it makes me proud to be an Albertan!

No Results