Canadian Cybersecurity & Regulatory Issues
TEKRiSQ recommends every private business in Canada read and understand the impact this has on their unique business that is summarized in PART 1 Protection of Personal Information in the Private Sector. We also recommend reviewing;
SCHEDULE 1 Principles Set Out in the National Standard of Canada Entitled Model Code for the Protection of Personal Information, CAN/CSA-Q830-96
Evolving Canadian Regulation Legislation
Canada has released a new cyber security law in June, 2022, Bill C-26 including Critical Cyber Systems Protection Act (CCSPA) to address long standing gaps in federal government framework and policy around critical cybersecurity vulnerabilities. It will impose obligations on organizations acting in industries of national importance mandatory cyber security programs and cyber incident reporting, and will be backed by administrative monetary penalties for non-compliance. Today the impacted sectors include telecommunications services, interprovincial or international pipelines and power line systems, nuclear energy systems, transportation systems within the legislative authority of Parliament, banking systems; and clearing and settlement systems.
However, the government will have the ability to add additional services and systems to the schedule, and in other countries this has expanded to other federally regulated industries including financial services and insurance.