How is your organization covering its privacy risks?

March is FinTech Privacy Month

In our previous article[1] we discussed how privacy laws leave bread crumbs pointing towards a risk-based approach for a total privacy protection strategy.

Indeed, the triad of IT Risk Management, Privacy and Security is crucial for FinTech and larger-sized companies to tackle the many regulatory obligations they have to comply with.

In other words, the privacy risk gap constitutes the “visible consequences” of inadequate IT Risk Management and Cybersecurity & Privacy Risk Management.

MPC Privacy Quadrant

But where do you start in order to find these gaps? The Office of the Privacy Commissioner of Canada suggests looking right inside your Privacy Policies[2], for starters:

OPC Privacy Survey 2018-19

Most organizations (in Canada) today have an internal Privacy Policy, which itemizes the 10 PIPEDA Privacy Principles and a website privacy notice (or many, in case different services and/or products are involved).

The risks in collection, use and disclosure, as well as over-collection, retention and over-sharing without appropriate controls, add up rapidly, regardless of which MPC Privacy Quadrant[3] your organization falls in.

These findings have several things in common, but one that resonates throughout the policies is the human factor. Having adequately trained and knowledgeable personnel who understand these gaps and know how to interact with the business to bring awareness to their practices plays a very important role in reducing the privacy risks identified by the OPC or other regulators.

How is your organization equipped to demonstrate Accountability today? Have you quantified your gaps and privacy risks from your privacy policies, and do you understand the impact on employees and consumers?

Do you have roles and responsibilities defined for privacy in your organization? To find out more: contact us or download our Practical Privacy Playbook to find the best resources for your privacy risk gaps.

For additional insights, certified expertise and a unique risk-based technology platform:

Website: www.ManagedPrivacy.ca

Email: info@ManagedPrivacy.ca
Facebook: https://www.facebook.com/ManagedPrivacy
Twitter: @managedprivacy


[1] https://managedprivacy.ca/2021/03/10/a-risk-based-approach-to-privacy-is-best-in-fintech/

[2] https://www.priv.gc.ca/en/opc-actions-and-decisions/research/explore-privacy-research/2020/por_2019-20_bus/#figure07

[3] https://managedprivacy.ca/2021/01/05/where-does-your-company-belong-in-the-mpc-privacy-quadrant/

