“One of the benefits that Canada enjoys is that in some respects the legislation in Canada was created by business,” said Peter Cullen, former corporate privacy officer for Royal Bank of Canada, in an interview with ITBusiness.ca. “Businesses had a clear and early stake in designing what ultimately became the legislation.”
Cullen made the comments in a speech on cybercrime to members from the business, technology and media industries at The Empire Club in Toronto. He said one of the main problems with the current U.S. legislation is that it is a patchwork of regulations as opposed to a unified whole.
But Joe Greene, vice-president of IT security research at IDC Canada, said Canada’s legislation, such as the Personal Information and Electronic Documents Act (PIPEDA), isn’t strong enough to be taken seriously.
“My hope is to give (PIPEDA) a bit of teeth,” said Greene. “You get a slap on the wrist. If it’s a law that’s intended to protect consumers’ information, I think the privacy commissioner should be naming people who are not in compliance.”
Laws aside, Cullen said privacy also makes good business sense. While the federal privacy commissioner’s first report on PIPEDA supported this, a critic found that many businesses are still dumbfounded as to how to implement it.
“Businesses need to think about it in terms of what adds value to the customer relationship as opposed to compliance with the law,” said Cullen.
Smaller organizations, however, are still lacking in this regard, making them the most vulnerable group.
“They’re not doing as much as they should,” said Greene. “A lot of that has to do with budgets, skills in-house, and they’re not really aware of the problem.”
Recent IDC research showed that one of the main things that keeps IT managers up at night is that employees and executives alike are not consciously aware of the security policies that have been put in place.
Likewise, Cullen said organizations need to think about what their policies are and how they’re educating their staff to do the right thing
“Technology is one piece of the puzzle,” he said. “We’re going to need to think of things in a much more holistic way to manage threats.”
Threats such as virus attacks and malicious hackers are only part of the problem. Cybercrime has become much more sophisticated over the years from hackers in their basements to organized crime looking to make a quick and easy buck from consumers’ information.
“Attacks started out as an annoyance,” said Cullen. “Now they’re more nefarious attempts.”
Phishing, for example, still dupes two million people a year, he added. There are 3,000 phishing sites on the Internet, most of which are not up for longer than mere hours.
While Cullen didn’t have a specific number on hand to quantify the amount of resources Microsoft has put towards improving the security of its products, he did say that the investments Microsoft has made over the years are finally starting to pay off. But Microsoft has come under criticism for its Genuine Advantage Software, which was hacked a day after its release, that is designed to protect its users from counterfeit and pirated software.
“We’ve invested enormous amounts of resources to ensure that we continue to enhance the security of our products,” said Cullen. “Microsoft will continue to invest to ensure that multiple threats are taken care of.”