How Canadian organizations can avoid the submarine effect in a COVID-19 landscape

Businesses have historically taken the protection of personally identifiable information (PII) seriously, implementing security measures to ensure information — such as name, age and blood type — remain private. However over the last few months, the rapid shift to a remote workforce and the erosion of organizational perimeters has forced many organizations to weigh the importance of data protection against business continuity.

This new reality meant the primary focus for many organizations was singular: keeping the lights on. Unfortunately as a result, data privacy and security were considered afterthoughts — often resulting in increased network vulnerability. Insufficient data privacy protocols in the short-term can result in the “submarine effect” — when a problem has been ignored and resurfaces in the future on a much larger scale.

Growing data points means a need for education

The remote workforce and limited in-person interactions increased Canadians’ online presence, resulting in greater reliance on bring-your-own-device (BYOD) and IoT devices.

“Everything we are doing today involves our digital avatar or online persona, and each person is generating an average of 1.7 MB of data per second,” said Julius Azarcon, national leader of cybersecurity services at CDW Canada. “With multiple tracking mechanisms on devices, the implications of insufficient data privacy and security are growing.”

Organizations must ask themselves tough questions on governance and reconciliation of this data to prevent any “submarines” and continuously educate their workforce on company policies and safe data handling practices.

Data privacy and security are symbiotic

The average user understands the need for data privacy, but an appreciation for data security often develops reactively to a cyber incident. It is important to remember that data privacy and security are not mutually exclusive, and businesses need to re-emphasize their symbiotic relationship, ensuring both are top of mind for all employees.

Driving awareness for Canada’s data legislation

A recent study from CDW Canada revealed many Canadian organizations are more familiar with Europe’s General Data Protection Regulation (GDPR) than Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and subsequent Digital Privacy Act. While both pieces of legislation advocate for proper stewardship of data, the framework of PIPEDA must be improved to compel businesses to take privacy and security measures seriously.

“Historically, Canadian organizations have taken data privacy seriously. However, this is less of a concern for many organizations and mistakes are unfortunately going to happen because of this,” said Dave Lewis, global advisory chief information security officer at Cisco.

It is imperative that organizational executives and IT professionals stay up to date on legislation in any jurisdiction where they operate and keep up with legislative changes.

Accountability of organizations and governments

Organizations will increasingly rely on technology as the new normal continues. This long-term horizon means companies must look to implement stronger data privacy and security protocols and be held accountable by any individual from whom they collect information. Pandemic or otherwise, data privacy and security need to be part of the ongoing conversations around business continuity and any new or existing solutions.

Asking these questions at the onset is the best way to ensure transparency and much-needed education while ensuring organizations avoid the submarine effect and keep Canadians’ privacy and security top of mind.