The increasing cyber security threat continues to raise a series of privacy risks for organizations. The Office of the Privacy Commissioner of Canada (OPC) has been regularly focusing on cyber security in letters of findings and guidance and, most recently, in a report, entitled "Privacy and Cyber Security: Emphasizing privacy protection in cyber security activities".
The OPC's report examines the interrelationships between cyber security and privacy, and discusses a number of common challenges for cyber security and privacy, including:
- The complexity of electronic, interconnected networks
- Increasingly sophisticated cyber threats and the "professionalization" of hacking
- Threats to mobile devices, which are closely tied to individual users
- The challenge in the Big Data context
- Ensuring breach preparedness is a greater priority
- Encouraging effective, dynamic risk management instead of "check the box" compliance
The report also considers recent policy developments, including the tension between privacy protection and national security, and the global nature of cyber governance. The report concludes with recommended policy directions in which privacy protection could in the future support and augment cyber security:
- Building privacy values into the development of cyber security policy
- Legislative approaches the incentivize cyber security preparedness
- Facilitating a broader dialogue on cyber security which acknowledges the importance of privacy, trust and responsible data stewardship
The Osler Privacy and Data Management practice group will be discussing this report on our next monthly call on February 25, 2015 at 11:30 a.m. EST that will focus on The Emerging Cyber Security Threat Environment. The call will feature a conversation with James Aquilina, Executive Managing Director at Stroz Friedberg and co-author of the work "Malware Forensics: Investigating and Analyzing Malicious Code".
Please visit our events page to sign up for the February monthly privacy call and for more information on all upcoming events.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.