Fall World 2017

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 30, Issue 2

Full Contents Now Available!

Monday, 20 March 2017 14:40

Thriving Despite Cyber Risk

Privacy is a human right, and at the core of the privacy principles is Article 8 of the European Convention on Human Rights. In the new digital world, where information-sharing is prevalent, the need to protect individuals’ privacy is important, but we are seeing different views toward privacy with the advent of social media platforms. Protecting the rights of the individual is the most important aspect of privacy.

What are the legislative challenges in a global environment?

As a data protection officer across 27 countries, there are individual challenges to overcome when operating in a global environment. When looking globally, there are some practical summaries (e.g., the “practical law” guide in the Data Protection Global Guide). Canada, Russia and the European Union Privacy directive have evolving laws, requiring a professional to adapt to changing legislation. Russian law requires that all Russian citizens registering on a website should have their personal data stored securely within Russia, which may provide challenges for cloud-based HR systems (or any other cloud based-service).

The issue of consent is a focal point of Canada’s Anti-Spam Legislation (CASL) for commercial electronic messages (CEM). A CEM is only implicitly allowed if there is an existing business or non-business relationship, or if the recipients conspicuously publish their electronic contact information or voluntarily disclose it without indicating they don’t want to receive communications. Otherwise, explicit consent is required from the recipient. The business challenge here is maintaining a provable log of consent required to avoid the Canadian $10 million fine. Again, this provides a challenge to cloud-based services.

These are just two examples of recent changes in legislation that require adaptation by organizations.

The biggest change for any organization processing data of European citizens is the new GDPR, as European legislation is often used as a baseline for implementing privacy regimes globally.