IT'S NOT IF YOU ARE HACKED. IT'S WHEN.

Protect The Business That You Worked Hard To Build.

We help Canadian businesses become PIPEDA compliant so they can pass an audit by the Office of the Privacy Commissioner of Canada (OPC) and qualify for data breach liability insurance.

Free Consultation Is Available!

We would be happy to provide a free consultation to address your cyber security concerns; how to become PIPEDA compliant; how to prepare your organization to qualify for data breach liability insurance; how to deal with data breaches; how to handle complaints to the Privacy Commissioner of Canada; how to deal with audits and more…

OUR WORK

Does Your Business Comply With Federal Privacy Law?

The Personal Information Protection and Electronic Documents Act (PIPEDA) is Canada’s federal private-sector privacy law. It sets out the ground rules for how businesses must handle personal information in the course of commercial activities.

1
ACCOUNTABILITY

Appoint someone to be responsible for your organization’s PIPEDA compliance. Protect all personal information held by your organization, including any personal information you transfer to a third party for processing. Develop and implement personal information policies and practices.

2
IDENTIFY THE PURPOSE

Identify and document your purposes for collecting personal information. This will help you determine which specific personal information to collect to fulfill those purposes. Tell your customers why your organization needs their personal information before or at the time of collection.

3
OBTAIN VALID, INFORMED CONSENT

Meaningful consent is an essential element of PIPEDA. Organizations are generally required to obtain meaningful consent for the collection, use and disclosure of personal information. Make privacy information readily available in complete form.

4
LIMIT COLLECTION

Collect only the personal information your organization needs to fulfill a legitimate identified purpose. Be honest about the reasons you are collecting personal information. Collect personal information by fair and lawful means. This requirement is intended to prevent organizations from collecting information by misleading or deceiving about the purpose.

5
LIMIT USE, DISCLOSURE AND RETENTION

Know what personal information you have, where it is, and what you are doing with it. Obtain fresh consent if you intend to use or disclose personal information for a new purpose. Collect, use or disclose personal information only for purposes that a reasonable person would consider appropriate in the circumstances. Put guidelines and procedures in place for retaining and destroying personal information.

6
BE ACCURATE

Minimize the possibility of using incorrect information when making a decision about an individual or when disclosing information to third parties. Keep personal information as accurate, complete and up to date as necessary, taking into account its use and the interests of the individual. Establish policies that govern what types of information need to be updated.

7
USE APPROPRIATE SAFEGUARDS

Protect personal information in a way that is appropriate to how sensitive it is. Protect all personal information (regardless of how it is stored) against loss, theft, or any unauthorized access, disclosure, copying, use or modification. Note: PIPEDA does not specify particular security safeguards that must be used.

8
BE OPEN

Inform your customers and employees that you have policies and practices for managing personal information. Make these policies and practices easily understandable and easily available. Your organization’s detailed personal information management practices must be clear and easy to understand.

9
GIVE INDIVIDUALS ACCESS

Explain where the information was obtained. Explain how that information is or has been used and to whom it has been disclosed. Give people access to their information at minimal or no cost, or explain your reasons for not providing access. Correct or amend personal information in cases where accuracy and completeness are deficient.

CYBER SECURITY

Services

Organizations subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) are required to:

  • report to the Privacy Commissioner of Canada breaches of security safeguards involving personal information that pose a real risk of significant harm to individuals
  • notify affected individuals about those breaches, and
  • keep records of all breaches.

Our team will handle the following:

  • Immediate response in the event of suspicious activity
  • In case of unauthorized access or when an infection is detected, we restore a stable backup and restore the site to working capacity (from 6 to 48 hours, depending on the chosen backup method)
  • Find out how, when and by whom the attack was performed
  • Assist with submitting a breach report to the OPC
  • Take measures to prevent possible infections and penetrations in the future.
  • Provide actionable recommendations to secure the system and prevent future penetrations.

Goals for Cyber Incident Response

When a cyber security incident occurs, timely and thorough action to manage the impact of the incident is critical to an effective response process. The response should limit the potential for damage by ensuring that actions are well known and coordinated. Specifically, the response goals are:

  1. Preserve and protect the confidentiality of constituent and employee information and ensure the integrity and availability of the company’s systems, networks and related data.
  2. Help company personnel recover their business processes after a computer or network security incident or other types of data breach.
  3. Provide a consistent response strategy to system and network threats that put company data and systems at risk.
  4. Develop and activate a communications plan including initial reporting of the incident as well as ongoing communications, as necessary.
  5. Coordinate efforts with external Computer Incident Response Teams and law enforcement.
  6. Minimize the company’s reputational risk.

  • Infrastructure security audit for potential vulnerabilities
  • Check the quality of the security system on a virtual server (Linux)
  • Check and remove unused plugins and plugins with duplicate functionality
  • Organize an authorization system for key users using 2FA or blocking by IP
  • Set up and monitor the firewall
  • Eliminate potential vulnerabilities
  • Set up a tracking authorization system to log all WordPress and cPanel login attempts
  • Scan for malicious code (send reports if requested) – (regularly, once a week)
  • Make backup copies of the site – (regularly, once a week)
  • Organize an automated backup system (subject to the purchase of extra disk space by the owner)
  • PDF Report with a detailed breakdown of work performed, system’s vulnerabilities and recommendations for improvement

PIPEDA applies to private-sector organizations across Canada that collect, use or disclose personal information in the course of commercial activity.

By making your organization PIPEDA compliant, RACCUN’s team will ensure that you are ready for an OPC audit.

PIPEDA gives the OPC the authority to audit an organization’s privacy practices when the OPC has reasonable grounds to believe the organization is not fulfilling its obligations under Part 1 of the Act or is not respecting the recommendations of Schedule 1.

What can lead to an audit?

  • a group or series of complaints about a particular organization’s practices;
  • information obtained during an investigation;
  • information provided by an individual under the whistleblower provision; or
  • an issue receiving public attention.

Our team will work to ensure that your organization is PIPEDA compliant with its 10 fair information principles to protect personal information, which are set out in Schedule 1 of PIPEDA.

The principles are:

  1. Accountability
  2. Identifying Purposes
  3. Consent
  4. Limiting Collection
  5. Limiting use, disclosure and retention
  6. Accuracy
  7. Safeguards
  8. Openness
  9. Individual Access
  10. Challenging Compliance

Based on the nature of your business and the industry, we will develop and help you implement a PIPEDA-compliant security policy to protect personal information.

We will make sure to address any known vulnerabilities through regular security audits and/or testing. Your part is to make your employees aware of the importance of maintaining the security and confidentiality of personal information, and to hold regular staff training on security safeguards.

To qualify for data breach liability insurance (cyber or cyber risk insurance), companies must meet certain technical and internal policy requirements, for example: encryption, authentication, anti-virus, firewall, spam filtering, device inventory, etc. Our team can help you comply with all the requirements to obtain the insurance coverage that you need.

Give Us A Call!

Protect the business you've worked hard to build. No strings attached.

PIPEDA Cyber Security
DISCOVER US

The top international cyber security agency.