Chapter 3 Flashcards
Explain the Privacy Act
-Governs the handling practices of personal information by federal government departments and agencies
-Imposes obligations on federal government departments and agencies to respect the privacy rights of Canadians
-Places limits on the collection, use, and disclosure of personal information
-Provides individuals the right to access and correct personal information the Government of Canada holds about them
Explain the Digital Privacy Act
-Strengthens privacy rights and protections for Canadians in their dealings with private sector companies
-Improves accountability and provides incentives for organizations to comply with the law
-Amends PIPEDA, including the introduction of mandatory breach notification in the event of a privacy breach that may result in a "real risk of significant harm" to an individual
Explain the Personal Information Protection and Electronic Documents Act (PIPEDA)
-Governs the collection, use, retention, and disclosure of personal information by private sector organizations
-Places limitations on how long personal information can be retained (only as long as necessary to fulfil the purpose for which it was collected), but does not prescribe any specific timelines for such retention
Explain Canada's Anti-Spam Legislation (CASL)
-The federal law dealing with spam and other electronic threats
-Applies to all commercial electronic messages that businesses send in relation to a commercial activity, and requires that businesses sending these messages within, from, or to Canada have the recipients' consent before sending them
Explain the Office of the Superintendent of Financial Institutions (OSFI)
-Regulates and monitors federally chartered and foreign insurance companies (among other federally regulated financial institutions)
-Ensures the financial integrity of all insurers, including measures to safeguard insurance company solvency
Explain the Technology and Cyber Security Incident Reporting Advisory
-Issued by OSFI in 2019 (revised in August 2021, when the reporting window was shortened to 24 hours)
-Sets out expectations for federally regulated financial institutions (FRFIs) to address technology and cyber security incidents
-States that technology or cyber security incidents assessed to be of high or critical severity should be reported to OSFI, and lists characteristics that define these types of incidents
-The threshold for reporting incidents under the advisory is potentially broader than the threshold for reporting privacy breaches under PIPEDA, because it covers operational and security incidents regardless of whether personal information was involved
-Must notify OSFI within 24 hours of determining that a reportable incident has occurred
Explain the European Union General Data Protection Regulation (GDPR)
-Regulates the processing by a company or organization of personal data relating to individuals in the EU
-Applies to all companies handling the personal data of EU residents, including companies established outside the EU that offer goods or services to EU residents or monitor their behaviour
What are the penalties for non-compliance under the GDPR?
-Lower tier: fines up to 2% of a company's annual global turnover or €10 million (whichever is higher)
-Higher tier: fines up to 4% of a company's annual global turnover or €20 million (whichever is higher)
Under the GDPR, explain the definition of consent
Consent must be:
-Specific
-Informed
-Unambiguous, and
-Freely given, by a statement or by a clear affirmative action
Under the GDPR, within what time frame must a personal data breach be reported?
72 hours of becoming aware of the breach (to the supervisory authority)
Under the OSFI advisory, within what time frame must a reportable technology or cyber security incident be reported?
24 hours of determining that a reportable incident has occurred