Several companies preparing for proposed changes to Canadian privacy law: Survey
Several companies preparing for proposed changes to Canadian privacy law: Survey
Several medium- and large-sized Canadian companies are already preparing for changes to the country's federal private sector privacy law, even as political pundits predict an election will soon be called before parliament. Now the proposed act will kill.
A survey of data protection executives at more than 100 firms was released by PwC Canada in March. found it:
-85 percent of the respondents were aware of the proposed Consumer Privacy Protection Act (Bill C-11/CPPA). Almost all of them said that this is a priority in their company. 41 percent of them said it was a top priority;
- 88 percent had already done an internal assessment of their data structure to be prepared. 94 percent of them already have a general high-level or detailed plan for preparing to adopt a CPPA.
PwC's national privacy practice leader, Jordan Prokopy, acknowledged that the CPPA may not pass. However, she added in an interview, because the current federal privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA), has to be updated to meet the adequacy requirements of the European Union's General Data Protection Regulation (GDPR) "we know Where is the wine going."
Prokopy said the officers surveyed include general counsel, chief privacy officer and CIO, with the goal of raising awareness and determining the potential impact of the bill on Canadian businesses. The research was conducted four months after the CPPA was announced.
Eighty percent of the respondents were from firms with an annual income of more than $100 million. Asked why PwC surveyed this portion of Canadian businesses, ProCopy said it is the segment that can hire a consulting firm to help with its CPPA preparation plans.
expected effect
“What I found was really interesting [the] results around the anticipated revenue impact [CPPA],” she said. Sixty per cent of the respondents believe that this will affect their revenue. Half of them (or 30 percent overall) believe it will have a positive effect on their profits.
The suggestion, he said, is that these executives believe that creating trust among customers that personal data will be used responsibly can support the goals of the business.
“If [protecting data] is about building trust, it could improve the customer experience, which could ultimately make people more comfortable sharing their information and trusting the company’s use of data,” They said.
The areas where respondents thought CPPA would have the greatest operational impact in their organizations are data mobility (87 percent. Proposed legislation would give Canadians the right to transfer their personal data from one company to another), consent (86 percent). The proposed law has some changes to a firm's obligations to obtain informed consent to collect personal data) and data deletion (83 percent. The proposed law has data deletion obligations).
Among other findings:
- One in five respondents (21 percent) aware of the proposed changes expect CPPA-related spending to exceed $10 million or more in the next three years;
-37 percent of all respondents expected to employ more than 10 full-time employees or contractors for their CPPA or privacy programs in the same period.
Interestingly, only 71 percent of respondents said that their firm has an existing privacy compliance program in place. PIPEDA became law in 2000; This applies to all commercial firms. Three provinces (Alberta, British Columbia and Quebec) have their own private-sector privacy laws, while PIPEDA applies to other provinces and territories. Provinces may have their own separate privacy laws for the healthcare sector.
PwC argues that businesses should adopt a strategic data trust approach that allows them to create, use, share and retire data securely and transparently. This requires an integrated approach in four key areas: data governance, data discovery, data security and data minimization.
“We have seen for the first time with GDPR that organizations that take a strategic data trust approach versus a compliance-privacy-first approach are able to capitalize,” the report said.
No comments