Data Privacy Day commemorates the signing of Convention 108 on Jan. 28, 1981, which was the first legally binding international treaty dealing with privacy and data protection. Since that time, privacy has grown in importance in Canada and around the world, and many countries now celebrate a full Data Privacy Week.
This year, the Office of the Privacy Commissioner of Canada has announced that Data Privacy Week will take place from January 22 to 26, and it has declared that the 2024 theme is "Take control of your data".
Taking control of your data can have multiple meanings. For individuals this can mean taking a more proactive approach to learning about how organizations use their data and exercising choices available to them. However, many organizations also struggle with managing their data. Here are some tips that can help:
McMillan's Top 5 Tips for Organizations to Take Control of their Data
- Data Mapping. In order to take control of data, organizations must first understand what data they process. This requires an examination of the types of data collected, how data is collected (and from where), locations where data is stored, with whom data is shared, how long data is kept, and how data is destroyed.
- Assign Roles & Responsibilities. Often data is mismanaged because stakeholders within the organization mistakenly assume that someone else will make sure that appropriate controls are in place and will be followed. Clearly assigning roles and responsibilities to specific individuals within the organization can help to ensure that policies and procedures for handling data are actually implemented, in practice.
- Establish a Compliance Structure. It is not uncommon to see massive disparities between how different departments, offices or divisions manage data, especially within large and complex organizations. Establishing a formal privacy and data protection compliance program enhances consistency in processes and helps to ensure that all relevant personnel understand how they should be handling data.
- Leverage Technological Solutions. People are critically important to organizations, but they can also be the weakest link in privacy and data security. Often technological solutions can be implemented to reduce human error and increase consistency in how data is handled. For example, a number of vendors offer solutions for access control, data subject rights requests, and automated data deletion. Although these tools can help organizations take control of their data, it is important to ensure that they are designed for compliance with Canadian requirements (not just US and EU laws).
- Implement Data Minimization. One reason that data sometimes gets out of control is that organizations accumulate a massive amount of data, much of which is unnecessary, outdated, and/or decentralized. Accumulating vast quantities of data gives rise to a number of privacy and data protection risks, including increased potential for misuse and enhanced costs and risks in the event of a breach. Proactively minimizing the data that your organization collects, and purging old data that is no longer useful, helps stop data from getting out of control. It also reduces data storage costs and facilitates legal compliance!
McMillan's Privacy and Data Protection Team provides organizations with practical guidance to help our clients manage their data and navigate the complex framework of legal and regulatory requirements across Canada. Celebrate Data Privacy Week by reaching out to your McMillan advisor and to start the process of taking control of your data!
The foregoing provides only an overview and does not constitute legal advice. Readers are cautioned against making any decisions based on this material alone. Rather, specific legal advice should be obtained.
© McMillan LLP 2024
