Risk & Business Magazine Benson Kearley IFG Spring / Summer 2017 | Page 30

EMERGING RISKS
Emerging Risks In Canadian Privacy:
What You Should Know And What You Should Do
T
he privacy regulatory
landscape in Canada is
changing—quickly. Gone
are the days when a privacy
regulatory change would be
introduced and there would then be two
years of industry collaboration followed
by a lengthy transition period for
businesses to fall in line. Although some
of the newly enacted Canadian Digital
Privacy Act (DPA) amendments bring
welcome changes and clarity to the law
(for instance, business transactions and
consent exceptions), others such as valid
consent and breach notification are sure
to present risks and challenges for many
organizations.
Across a rapidly changing security
landscape where data privacy is
increasingly challenged by accelerating
cybersecurity risk, businesses,
regulators, and consumers alike are
30
trying to stay ahead of the curve
through innovation and technology.
Businesses are increasingly challenged
to both follow the current trends and
be ready for the regulatory changes
before they are finalized in order
to avoid ensuing liability risks. It is
recommended organizations examine
and adjust their own practices in
advance of these regulatory changes
or face the probable struggle to meet
compliance requirements.
Insurance regulators are subject to
the oversight of the International
Association of Insurance Supervisors
which is looking more closely at
regulator practices. In turn, regulators
are increasing their oversight on
business. Businesses need to be
proactive in responding to the
changes taking place in Canada and
internationally including ensuring they
have appropriate cyber-risk insurance
coverage.
Privacy and data breaches, and cyber
breaches in particular, are a growing
problem. Organizations need to
understand their potential liability
risks and develop a comprehensive plan
to respond to the problem. More class
actions can be expected in the coming
years that target the corporation (not
the individual). Beware the multipliers
(modest damages x lots of claimants =
$$$$$). With the increased burden placed
on key employees to keep up with the
regular demands of day-to-day business,
the need to bring in outside expertise is
increasing. (1)
Cyber-risk is any risk of damage,
loss, or liability to an organization
resulting from a failure or breach of the
organization’s information technology
systems. Levels of cybersecurity