With no global standard for data privacy, laws outside U.S. differ in scope

I was recently interviewed by CyberScout just after I appeared on a privacy panel at CyberScout’s Privacy XChange Forum entitled “Where In the World: A Quick and Easy Breakdown of Privacy Standards and Regulations”. In the interview, I summarize the breach notification regulations in Canada and discuss what should be included in a cybersecurity plan. I also discuss the recent privacy commissioner’s investigation report following the Ashley Madison security incident and what privacy regulators in Canada will look for upon a breach taking place. My recommendations include: (i) using proper, state-of-the-art technology, including encryption when transmitting and storing personal information; (ii) having the right governance framework in place, all the proper polices (it usually makes sense to have at the very minimum a privacy policy, a breach-response policy and a data-retention policy); and (ii) make sure employees are aware of these policies and that they are properly trained.

The video and written summary of the interview are available here.

This content has been updated on January 26, 2017 at 6 h 52 min.