In the course of its business, your company uses a computer system. Like many others, it is therefore exposed to risks and obligations in terms of IT security and personal information retention.
A single event is enough to cause reputational damage, financial losses and even the closure of your business.
A major risk associated with the use of IT systems by businesses is the security of personal and confidential data. Cyber-attacks, such as ransomware, denial-of-service attacks, social engineering fraud, phishing and system hacks, are becoming increasingly common, and the consequences can be disastrous, ranging from loss of personal data to disruption of business operations and financial difficulties.
On September 22, 2022, the Quebec government passed Bill 25*, an act modernizing the legislative provisions governing the protection of personal information.
The amendments resulting from Bill 25 promote transparency for public bodies, private companies, non-profit organizations and political parties. This legislation obliges them to report any events relating to the protection of personal information, to keep a log of events, to appoint a designated person responsible for the conservation of personal information, to make this person's contact details available on the company's website and to allow any citizen to know what information concerning him or her is kept by the entity, to justify the retention of this information and to require that this information be completely erased and destroyed, and to require proof of this. The aim is to promote better control and protection of citizens' personal information. Adequate security measures are necessary to meet the requirements of the new legislation.
Bill 25 provides a specific framework for the protection and management of personal data. This represents a major challenge for SMEs in particular, as these small and medium-sized businesses do not have the same resources as large corporations, but have the same obligations. The Act makes no distinction or difference with regard to company size, number of employees or sector of activity. The requirements of this law apply to all organizations operating in Quebec and oblige them to comply. Noncompliance fines are very dissuasive, to ensure that companies comply.
Cyber risk insurance is one of the best ways to secure your IT security investments and protect your company's financial health. It will ensure that you have rapid response, competent resources, the steps to follow in the event of a Cyber event, and compliance with legislation.
Contact Lussier’s Cyber insurance specialists to learn more.
* Source: Government of Canada
