By Byron V. Acohido
As a partner at the Canadian law firm Borden Ladner Gervais, Éloïse Gratton advises her clients on legal, practical and ethical ways to protect an individual’s privacy while conducting business nationally and internationally. She has testified before Canada’s House of Commons and other federal bodies and conducted training workshops attended by judges and members of Parliament.
LastWatchdog sat down with Gratton just after she appeared on a privacy panel at CyberScout’s Privacy XChange Forum. Here’s the gist of that conversation. The text has been edited for clarity and length.
LastWatchdog: Europe and Canada are oriented toward preserving privacy for the individual; in America, not so much. Can you frame how that plays out in global commerce?
Gratton: I would say in Europe and in Canada, we’ve been a little bit ahead on the data-protection front, so we probably have laws that are a little bit more stringent. Yet we’re a little behind on everything that has to do with security-breach notification. In the States, it has been mandatory for quite some time. In Europe, it will be mandatory with the upcoming General Data Protection Regulation in May 2018.
In Canada, there’s one province where, if the breach triggers significant harm for the affected individuals, it’s mandatory to notify. So in Alberta, that has been a legal requirement since 2009. In coming months, this will also become a federal legal requirement to notify upon a security breach taking place. So we’re following the U.S. on this issue.
LastWatchdog: Cyber threats continue to evolve so rapidly; can regulators keep up?
Gratton: Yes, the threat is evolving, so at the end of the day, organizations need to ensure that they are ready for the new threats. We’ve seen it recently in Canada with the Ashley Madison hack. So you have to have a breach-incidence response plan and make sure employees are trained, so that they’ll know exactly what to do. Upon …