The CSX Cybersecurity Day – Presented by ISACA-Québec

The CSX Cybersecurity Day – Presented by ISACA-Québec

On Tuesday May 31, our president, Jean-Philippe Racine, offers a conference on cyber risk insurance during ISACA-Québec’s CSX Cybersecurity Day; the challenge at hand: captivating the audience as did the last speaker, Michel Juneau-Katsuya🙂

Université Laval, Pavillon Desjardins, Cercle, 4ième étage
2325, Rue de l’Université, Québec, (Québec) G1K 7P4

Description de l’événement

How do you manage cyber risk?

Cybersecurity is defined as the collection of laws, policies, tools, measures, security concepts and mechanisms, risk management methodologies, training, good practices and technologies which can be used to protect both people, as well as tangible and intangible IT assets.

In our everyday lives, as business security managers we must face omnipresent cyber risks.

On this day dedicated to cybersecurity, we will explore a few aspects of cyberspace risk management and attempt to better comprehend the risks at stake. We also will attempt to offer a few tools to help surf through the next year. Don’t miss it!

 

Jean-Philippe Racine’s Conference – Cybersecurity and Insurance
Jean-Philippe Racine

Throughout the conference, Mr. Racine discusses the emergence of cyber-risk insurance products and the benefits of acquiring such coverage. He also reveals the principal characteristics of this type of product and presents the main challenges encountered by insurers and IT specialists.

Biography:
Thanks to his 14 years experience in the IT sector, numerous certifications and vast training, Mr. Racine now has more than 10 years experience in cybersecurity. Beginning with server and firewall management, his career rapidly evolved to security tactics and strategies.

Jean-Phillippe Racine has been an entrepreneur for more than six years and founded the CyberSwat Group in 2015. The business specialises notably in cyber risk assessment adapted to the insurance sector, but also offers cybersecurity services to SMBs in the Province of Quebec.

Speak now or forever hold your peace!

Author: Christine A. Carron, Ad. E, Norton Rose Fulbright

Article original 

Consultations on breach reporting regulations under PIPEDA now underway

In June 2015, the Parliament of Canada adopted the Digital Privacy Act (the Act) that amends PIPEDA to provide for mandatory breach reporting to the privacy commissioner and the affected individuals in circumstances very similar to those under Alberta’s Personal Information Protection Act. However, the reporting requirements do not come into effect until the regulations regarding the particulars of the notice have been enacted.

So now is the time to help shape the regulations that will define your obligations moving forward.
It will be recalled that the Act requires breach reporting if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm. It provides for three criteria to be considered when determining the answer to that question.

Stakeholders are being asked some 26 questions on a range of issues, including whether the criteria to be used for breach reporting should be further defined, whether the content of the notice should be mandated as well as whether and for how long details of any breach – even those not meeting the mandatory notice threshold – should be retained.

Preserving reporting flexibility

Under the Act and the Alberta legislation, organizations now have considerable latitude in the means of communicating information about a breach (email, in person, by mail) and the contents of that communication to the individuals affected provided that the notice is sufficiently detailed to permit individuals to mitigate their damages. This flexibility has served organizations well in the context of breaches covered by Alberta’s legislation and if stakeholders feel it should be preserved they should speak up now.

Equally worthy of commentary are the proposals concerning notice of the breach to third parties who are in a position to attenuate the risk of prejudice.

Adjustments for specific industries are possible

The proposed regulations have the potential to affect all businesses in Canada. Because the government has shown an openness to consider tailoring some of their provisions to industries demonstrating a need, it is important to speak up now.

After this initial consultation period, which comes to a close at the end of May, the government will publish draft regulations and will allow further public comment. However, it is always better to shape the regulations before they are published than attempt to modify them once they have been drafted.

Contacts

  • Christine A. Carron, Ad. E., Montréal
  • Kateri-Anne Grenier, Québec
  • Steve J. Tenai, Toronto
  • Anthony (Tony) Morris, Calgary