Cyber security is the biggest legal challenge that organizations must confront in 2018, according to Borden Ladner Gervais (BLG) LLP.
Businesses across Canada will have to follow in Alberta’s footsteps, currently, the only province that has personal information security breach reporting, says BLG, which recently released its annual report about the top 10 legal risks for business in 2018. These obligations will come from Canada’s federal Personal Information Protection and Electronic Documents Act’s (PIPEDA) and will require record-keeping, reporting and notification obligations for organizations that suffer a breach relating to personal information. Canada loses $3.2 billion annually to cybercrime, says the report.
The Canadian government published a proposal for the Breach of Security Safeguards Regulations last September and final regulations are expected soon. When in force, these regulations will require an organization to maintain a record of every personal information security breach, provide those records to the Privacy Commissioner on request, and if a breach creates a risk of significant harm to an individual, notify the breach to all affected individuals. A knowing contravention of the security breach obligations will lead to a fine of up to $100,000. A Ponemon Institute report about the cost of data breaches said detection and escalation costs are the highest in Canada ($1.46 million USD) and the lowest in Brazil ($430,000).
In a report last November, BLG said there are multiple compliance challenges that come with PIPEDA’s upcoming regulations, such as knowing when, and if, a company can withhold information about the breach of personal information to avoid compromising an active investigation of the breach. Organizations that process or store personal information on behalf of another company will have to be better informed on how to comply with its personal information security breach obligations if their data controller fails or refuses to cooperate, BLG added.
Canadian organizations that process data of European Union (EU) residents will have to comply with the EU’s General Data Protection Regulations (GDPR), which come into effect in May. The regulations differ from PIPEDA’s proposed regulations, and organizations that are found to be non-compliant with GDPR may be fined up to approximately $30 million, or four per cent of their worldwide annual revenue from the previous year.
Disruption caused by cryptocurrencies and autonomous vehicles also on the list
Cryptocurrencies continue to draw the attention of Canadian and global investors despite lingering concerns about security and its legitimacy within the markets.
BLG’s report says blockchain technology will help protect investors and organizations dabbling with cryptocurrency by addressing counterfeiting and other security concerns.
“While they will not remedy all the world’s ills, blockchains provide great opportunity for commerce, data management and transparent, automated contracting,” says the report.
The rise of autonomous vehicle technology will lead to a greater need for product liability insurance among car manufacturers and suppliers, who will also have to focus on data security and privacy protection due to autonomous vehicles’ need to communicate with GPS satellites, software providers and other devices. According to a report from the Conference Board of Canada, Canada could reap $65 billion in potential benefits from autonomous vehicle developments.
“While there are certainly technological, safety, and regulatory hurdles to be surmounted before autonomous vehicles are commercially available for the average consumer, it is clear that autonomous vehicle technology is here to stay,” says the BLG report.