With privacy and security breaches now making news almost daily, there has been a recent spate of legislation aimed at helping solve the problem. Unfortunately, this has created a whirlwind of ineffective compliance activity throughout public and private sector organizations in Canada. As deadlines rapidly approach, there is a feverish redesigning and revamping of software, forms, Web sites, and policies related to customer and employee data collection. A knee-jerk response to events creates a security blanket with too many holes to effectively deal with criminal activity.
With this in mind, the CIO Association of Canada (CIOCAN) is advocating a more inclusive and thoughtful approach to the problem, which it has described in a Privacy and Security Issues white paper. The approach advocates broader consultation with the IT community, and a better-coordinated, phased-in approach to legislation.
The Association noted that every CIO is affected by the privacy and security legislation, and has been presented with challenges in this area. Those who have business dealings across Canada have to harmonize the various privacy requirements among Canadian provinces and among countries. Lack of coordinated legislation leads to significantly increased complexity in systems design, balkanization of companies to meet privacy and security requirements in different jurisdictions, and loss of economic scale advantages in delivering services to clients. These issues have a significant affect on all aspects of business, extending beyond just the costs.
According to CIOCAN, better input at various stages of development and implementation of legislation would ensure timely and accurate compliance. Adequate timelines for compliance will allow for more accurate planning and comprehensive execution of security and privacy measures for all companies.
Periodic assessments of the full impact of the legislation will ensure that various concerns are addressed, said CIOCAN. For more information visit www.ciocanada.net.