Mandatory Breach Notification Readiness Assessment

Is your Organization Ready?

Submitted by The Poirier Group

As of November 1, 2018, new regulations are in force for mandatory reporting of privacy breaches under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). These regulations better harmonize Canadian breach reporting with the recent European Union General Data Protection Regulation (GDPR). Failure to comply fully with these new requirements could result in substantial penalties, negative impact on your brand and the risk of class action suits by those affected. Third parties that manage personal information on your behalf may not be ready to provide the information you need for compliance.

Who Is TPG?

The Poirier Group (TPG) is a boutique management consulting firm founded by David Poirier 13 years ago. Since then, every single engagement has been 100% successful in creating positive customer referrals.

Clients from large-scale to mid-market organizations in various industries would also agree that we are not like other consultancy companies in that we simply do not hand you a report and leave. Our team carefully builds the trust required and works methodically together with your business to deliver specific, tailored recommendations that help operationalize those findings into reality.

We are known as management consultants, but our core competency is operational. We hire the very best people, with real-life experience in areas including operational risk, cybersecurity, technology implementation, change management and financial analysis. We leverage these skills to extract unique insights and get results faster.

The Poirier Group believes in serving and protecting the highest good of your organization and the people within it!

The Challenge: Mandatory Breach Notification (MBN)

It's about Processes, People and Adaptation

Process:

Meeting MBN requirements demands re-designed, replicable processes and playbooks, integrating seamlessly with underlying cyber and breach technologies.

People:

MBN involves a matrix of dozens of stakeholders, both inside and outside your organization, so clearly delineated roles & responsibilities are key.

Adaptation:

At an enterprise level, complex organizations need to be adaptive and responsive to changes in the business environment, including regulatory change.

TPG will rapidly evaluate your organization's key breach reporting practices and size up potential gaps in complying with the new Mandatory Breach Notification (MBN) regulations. Our assessment will:

Identify the key processes, playbooks and plans needed to drive MBN:

  • Maintaining breach records
  • Breach root cause
  • Breach impact
  • Assessing risk of significant harm
  • Mitigation planning
  • Notification, etc.

Validate Processes

Validate that the processes and playbooks have been documented, key performance indicators and metrics have been defined, and processes have been tested and are functional.

Validate Stakeholders

Validate that each MBN process has clearly identified internal and external stakeholders, that stakeholders are aware of their participation and that roles & responsibilities have been defined.

Identify Next Steps

Highlight material MBN gaps and recommend improvements to process design and execution.

Are you at risk? Contact The Poirier Group now for an assessment
rob.brickman@thepoiriergroup.com

The views expressed in this document are solely the views of the author(s). This document is intended for informational purposes only and is not legal advice or a substitute for consultation with a licensed legal professional in a particular case or circumstance.