OTTAWA, October 18, 2011 — The Office of the Privacy Commissioner of Canada is marking Small Business Week (October 16-22) by helping to empower small businesses and remind them of best practices.
The Office today launched a new section on its website, providing single window access to online tools small businesses can use to measure their privacy protection and data security. In addition, the Office will be publishing a series of articles aimed at increasing awareness of common cybersecurity threats and steps small businesses can take to mitigate them.
Such measures can both help protect personal information along with customer and client trust. This comes at time when Canadians are showing some signs of unease when it comes to businesses’ personal information handling and security practices.
The 2011 Canadians and Privacy Survey commissioned by the Office of the Privacy Commissioner of Canada detected widespread concern about businesses that request too much personal information, don’t keep it secure, sell it to other organizations, or use it to send spam or make other unsolicited marketing contact. About nine in 10 respondents found such practices disturbing.
Recent research suggests that it’s not just big businesses who sit in the crosshairs of cyber attacks. Many targeted cyber attacks have been directed at businesses with fewer than 500 employees.
“Privacy goes hand-in-hand with trust and, for any business, trust goes hand-in-hand with customer loyalty and client confidence,” said Privacy Commissioner of Canada Jennifer Stoddart. “Modern technologies are creating new threats to the personal information of Canadians, and businesses of all sizes face an ever-increasing challenge to protect it. To mark both Small Business Week and Cybersecurity Awareness Month, we are showcasing tools and information that can help small businesses meet their responsibility to protect the personal information they collect.”
The Privacy for Small Business Online Tool is an interactive privacy assessment tool specifically designed for businesses. It leads users through a step-by-step process to ensure proper handling of the information they possess and steps to take to comply with privacy laws.
In addition, the Securing Personal Information: A Self-Assessment Tool for Organizations is a detailed online questionnaire and analysis that helps organizations gauge how well they are protecting personal information, in keeping with the applicable private-sector privacy law. Developed jointly by the federal, Alberta and British Columbia Privacy Commissioners, the tool can be used by any private-sector organization, particularly small and medium-sized businesses.
The Privacy Commissioner of Canada is mandated by Parliament to act as an ombudsman and guardian of privacy in Canada. The Commissioner enforces two federal laws for the protection of personal information: the Privacy Act, which applies to the federal public sector; and the Personal Information Protection and Electronic Documents Act (PIPEDA), which applies to commercial activities in the Atlantic provinces, Ontario, Manitoba, Saskatchewan and the Territories. Quebec, Alberta and British Columbia each has its own law covering the private sector. Even in these provinces, PIPEDA continues to apply to the federally regulated private sector and to personal information in interprovincial and international transactions.