To Centralize or Not Centralize Technology – that is the privacy question!

MPC Practical Privacy Insight Series

We are now two years into the pandemic and a law reform in Quebec later. At this time, organizations that are thinking about selling to Quebec customers have to start preparations to implement Phase 1 of the PIPPS Law. 

Organizations are finding themselves even more resource strapped as they have to adjust to the new normal: total technology dependence, for employees (working from home) and for a strong online presence. 

Small or medium size organizations have to present a great “resume” from the perspective of personal information protection and technology security if they want to be considered to win a new contract or for an acquisition. Having a great financial situation is no longer sufficient. A history of good governance and data stewardship is the next level of Accountability that is described in the Quebec PIPPS which indicates a new era for Canadian businesses.

As businesses grow in size and expand, but keep the same volume or focus of personal information (mainly employees and other business customers), the risk to consider is that of reputation. Reputational risk will substantially influence how they can conquer additional market share.

With any expansion, any organization will create business models that  inherently mean collection and/or processing of even more personal information. For these aggressive growth organizations,  compliance and the degree of maturity in compliance becomes very important as does the cost of negligence.  

Organizations who are under more scrutiny, have to respond to multiple laws and regulations, have ambitious growth and expansion plans and want to attract more business and customers, need to go beyond the baseline and really understand what would it take to implement appropriate personal information privacy, protection and safeguards and the resources and knowledge they need to have at their disposal.

Acquiring new technologies to enable growth can come at a bigger cost, which is introducing new risks and vectors for hackers and ransomware attacks.  However, centralizing technologies may run the legal risk of data localization.

When you understand which MPC Quadrant your organization belongs to, you no longer need to figure out what are all the requirements in your privacy program. We have designed a Business Leaders Onboarding Starter Kit to make the transition from your needs to a real compliance program very smooth and that includes understanding your technology. Privacy can be beautiful and can influence your organization’s growth and appeal to interested parties significantly. For more information contact us at:



Facebook: @ManagedPrivacy

Instagram: @managedprivacycanadaTwitter: @managedprivacy

Share this post

Share on facebook
Share on twitter
Share on linkedin
Share on pinterest
Share on email

Sign up for our Newsletter