Canada cybersecurity best practices risk assessment define rmm insurance regulation policy requirements information solutions Calgary British Columbia Alberta Ontario Saskatchewan Nunavit Prince Edward Island Manitoba

Canada Cybersecurity Regulation Policies & Issues 

about Canada’s National Cyber Security Strategy

All Canadian companies are responsible for compliance as per Canada’s Personal Information Protection and Electronic Documents Act. Here is the link to that act. This document is current as of March 20, 2023.  See the following;

TEKRiSQ recommends every private business in Canada read and understand the impact this has on their unique business that is summarized in PART 1 Protection of Personal Information in the Private Sector. We also recommend reviewing;
SCHEDULE 1 Principles Set Out in the National Standard of Canada Entitled Model Code for the Protection of Personal Information, CAN/CSA-Q830-96
  • 4.1 Principle 1Accountability– An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the following principles.
  • 4.7 Principle 7Safeguards– Personal & sensitive information must be protected with appropriate security safeguards.
Evolving Canadian Regulation Legislation
Canada released a new cyber security law in June, 2022. Bill C-26 included Critical Cyber Systems Protection Act (CCSPA) to address long standing gaps in federal government framework and policy around critical cybersecurity vulnerabilities.  It imposes obligations on organizations acting in industries of national importance. This includes mandatory cyber security programs and cyber incident reporting, and imposes administrative monetary penalties for non-compliance. Today the impacted sectors include telecommunications services, interprovincial or international pipelines and power line systems, nuclear energy systems, transportation systems within the legislative authority of Parliament, banking systems and clearing and settlement systems. 
The government has the ability to add additional services & systems to the schedule. In other countries this includes other federally regulated industries including financial services and insurance.

QUEBEC LAW 25

Law 25 established these mandates starting in September 2023. Organizations must assess privacy risks, destroy unnecessary personal data and obtain consent from individuals to use their personal information.
𝗦𝘁𝗲𝗲𝗽 𝗳𝗶𝗻𝗲𝘀 𝗼𝗳 $𝟱,𝟬𝟬𝟬 𝘁𝗼 $𝟱𝟬,𝟬𝟬𝟬/𝗯𝗿𝗲𝗮𝗰𝗵 𝗼𝗳 𝗶𝗻𝗱𝗶𝘃𝗶𝗱𝘂𝗮𝗹. B𝗶𝗴𝗴𝗲𝗿 𝗯𝗿𝗲𝗮𝗰𝗵𝗲𝘀 𝗰𝗮𝗻 𝗰𝗼𝘀𝘁 𝘂𝗽 𝘁𝗼 $𝟮𝟱 𝗺𝗶𝗹𝗹𝗶𝗼𝗻 𝗼𝗿 𝟰% 𝗼𝗳 𝗰𝗼𝗺𝗽𝗮𝗻𝘆’𝘀 𝗽𝗿𝗶𝗼𝗿 𝘆𝗲𝗮𝗿 𝗿𝗲𝘃𝗲𝗻𝘂𝗲𝘀. More details can be found here. 

Alberta

read more information on CyberAlberta initiatives https://cyberalberta.ca/

British Columbia

Manitoba

Ontario

QUEBEC LAW 25 established these mandates starting in September 2023. Organizations must assess privacy risks, destroy unnecessary personal data and obtain consent from individuals to use their personal information. 𝗦𝘁𝗲𝗲𝗽 𝗳𝗶𝗻𝗲𝘀 𝗼𝗳 $𝟱,𝟬𝟬𝟬 𝘁𝗼 $𝟱𝟬,𝟬𝟬𝟬/𝗯𝗿𝗲𝗮𝗰𝗵 𝗼𝗳 𝗶𝗻𝗱𝗶𝘃𝗶𝗱𝘂𝗮𝗹. B𝗶𝗴𝗴𝗲𝗿 𝗯𝗿𝗲𝗮𝗰𝗵𝗲𝘀 𝗰𝗮𝗻 𝗰𝗼𝘀𝘁 𝘂𝗽 𝘁𝗼 $𝟮𝟱 𝗺𝗶𝗹𝗹𝗶𝗼𝗻 𝗼𝗿 𝟰% 𝗼𝗳 𝗰𝗼𝗺𝗽𝗮𝗻𝘆’𝘀 𝗽𝗿𝗶𝗼𝗿 𝘆𝗲𝗮𝗿 𝗿𝗲𝘃𝗲𝗻𝘂𝗲𝘀. More details can be found here. 

Saskatchewan

 

Contact TEKRiSQ to learn more about our solutions.

 
Get Started Now