The topic of cybersecurity, understandably, causes a great deal of uncertainty on corporate boards.
Technology is fast-moving, ever-changing and seemingly impossible to stay ahead of. Furthermore, most board members have secured their seats because they have valuable years of experience and expertise in certain areas or industries. But cybersecurity is a subject very few people have experience in. One of the biggest challenges, even for some of Canada’s most sophisticated boards, is finding members who actually understand this stuff.
This lack of knowledge can lead board members to take a hands-off approach to issues such as customer privacy and data security. However, with Canada’s new mandatory data-breach notification requirement coming into effect, board members can no longer afford to be deferential. Post Nov. 1, the ramifications of a corporate breach will quickly travel all the way up to the board level.
The new requirement stipulates that organizations that experience a data breach must report the incident to the Privacy Commissioner of Canada, and notify affected individuals when there’s a “real risk of…