Why 2020 has been the year of privacy engineering, and what it means for Canada

Privacy enforcement has moved from concept to reality, fuelled by the European Union’s General Data Protection Regulation (GDPR) that came into effect in 2018. Since then, more than 40 sets of privacy legislation have been enacted worldwide. And that, says lawyer Vanessa Henri, associate at Fasken, creates implications for businesses.


Privacy violations can be expensive. In 2020 alone, said a report released by finance news and analysis site Finbold, by mid-August fines of more than 60 million euros have been imposed in the EU against countries violating the GDPR, with Spain the leader in the number of fines (76) and Italy holding the dubious distinction of having the biggest monetary penalties assessed against its businesses (45.6 million euros). The maximum penalties against a company under that legislation are up to 20 million euros or up to 4 per cent of the company’s global turnover for the preceding fiscal year, whichever is higher.

Although the GDPR is probably the highest-profile privacy legislation, closer to home, Quebec’s Bill 64 will make that province’s privacy laws the toughest in the country. It increases fines for breaches of the act to the greater of $25 million or 4 percent of global turnover for the previous fiscal year, has tougher breach notification requirements, and includes mandatory privacy assessments for “any information system project or electronic service delivery project involving the collection, use, communication, keeping or destruction of personal information.” Like the GDPR, if data is to be transferred out of its jurisdiction, it must receive a comparable level of protection or it may not be transferred. It also defines additional rights for individuals around their data. Businesses of all sizes will be affected, and in case of a breach, the CEO will be held responsible.

“If 2018 has been the year of privacy legislation. 2020 has been the year of privacy engineering,” Henri says, pointing out that compliance is getting harder, especially for small and medium enterprises. During her Oct. 7 presentation at MapleSec, Henri will discuss the progress of privacy legislation and enforcement, and what companies need to think about to avoid falling afoul of the new laws.

“In 2020, it’s fair to say that science has met law in the field of privacy,” she says. “And privacy engineering has become the way to operationalize privacy.”


Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Lynn Greiner
Lynn Greiner
Lynn Greiner has been interpreting tech for businesses for over 20 years and has worked in the industry as well as writing about it, giving her a unique perspective into the issues companies face. She has both IT credentials and a business degree.

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now