How SMBs can be in control of protecting their personal information

What MPC Privacy Quadrant does your organization belong to? In our previous article we discussed in detail how your organization can find which Privacy Quadrant it fits in, based on the industry you operate in.

While you can’t control what Privacy Quadrant your organization fits in, you can definitely take control of the personal information in your business, whether it is employee or customer/consumer personal information.

Whether your footprint is only Canadian or global, you need to align your privacy practices and capabilities with the expectations for the Privacy Quadrant your type of organization is in, based on the privacy factors we identified in our previous article[1]. Your organization’s privacy program needs to correct the current way personal information is being handled and move inside the Privacy Safe Zone.

You need to create a plan to bring your organization to a place where everyone is aware of what personal information is, which personal information they handle in their day-to-day jobs, and what the controls are to appropriately protect the rights of individuals as well as safeguard their information from unauthorized uses and/or breaches of security safeguards. It is important that you put an internal Data Privacy Policy in place, publish a website Privacy Notice, and classify the data your business collects and/or processes, followed by a clear definition of which safeguards are appropriate for personal information based on its sensitivity. Being in the Privacy Safe Zone means that you have implemented the controls in your policies related to handling personal information, the practices you claim in the website Notice, and whatever your organization is required to comply with under any contractual relationships your business has.

An appropriate privacy program needs to have activities to govern the program, activities to implement controls and monitor their effectiveness, and a capability to report on the progress of the program as well as on new risks that may affect the business.

If your business is primarily based in Canada or is trying to expand into other markets, it needs to pay attention to the laws and regulations in those markets and to the expectations of both customers and regulators in those jurisdictions.

To help SMBs stay in the Privacy Safe Zone and future-proof their privacy program, optimizing both regulatory and compliance risk and the resources required, Managed Privacy Canada has researched over 20 privacy frameworks used by various organizations around the world, including risk-based frameworks and maturity models, to guide businesses in each Privacy Quadrant. The most effective way to build a suitable privacy program and take control of the personal information in your business is to implement a harmonized approach to privacy compliance (not a separate program for each privacy law you need to comply with) and to identify the appropriate controls and program maturity for your type of organization, matching what your business requires.

In our next article we will review the privacy frameworks that help most SMBs become compliant with their privacy obligations. Our MPC Practical Privacy Playbook – P3 contains a number of privacy program components available in most of the frameworks listed in our MPC Privacy Framework Quadrant.

For additional insights and certified expertise:
Email: [email protected]
Twitter: @managedprivacy

[1] Privacy Factors: link to Jan 6 Article
