Not if, but when
Breaches are a fact of life in today’s cyberattack happy world. The Chartered Professional Accountants Canada reports that in addition to blue chip companies like BMO, CIBC, and Air Canada, estimates are as high as one in five Canadian firms have suffered a data breach and may not even be aware. And while the embarrassment and reputation damage associated with a breach is bad, the financial impact can be even worse, including:
- Significant legal fees
- Settlement monies
- Fees for crisis management and public relations
- Up to $100,000 CN in fines should you fail to report a breach to The Office of The Privacy Commissioner
Businesses of all sizes are being targeted, especially smaller and mid-sized firms who believe they may be below the hackers’ radar, and whose data security practices may be less well-resourced than at large organizations.
Why Data Breach Response Planning Matters
As of November 1, 2018 Canadian firms are required, per the Personal Information Protection and Electronic Documents Act (PIPEDA), to retain information pertaining to the breach for a minimum of two years.
This requirement for record retention is above and beyond the requirements for reporting the breach to all of the required national and provincial bodies, as well as to the affected consumers or businesses.
Having a formal response and recovery plan is critical to demonstrating defensible practices and is shown to help minimize risk and lessen financial impact and damages caused by an information security incident.
Access Notifi – Your ultimate safety net for a data breach
Through the service you will engage with an experienced data breach attorney. This allows you to invoke attorney client privilege which can protect your communications from being discoverable in a legal proceeding. Additionally you will have at your disposal:
Access Notifi – Your ultimate safety net for a data breach
- Live response 24/7/365 to answer questions, receive reports of a suspected Data Breach event and recommend critical first steps.
- A dedicated point of contact from your Service Provider to respond to calls, deliver critical documents and address ongoing concerns.
- A comprehensive information gathering and assessment process to determine the nature and extent of the Data Breach event and applicable Canadian notification requirements.
- Two (2) hours of consultation with an information governance and cyber risk expert in addition to the event assessment process.
- A detailed plan and timeline to provide a response to the Data Breach event created by a qualified attorney, including:
- Initial data incident consultation to answer questions and discuss basic strategies for investigating and responding to the incident.
- Recommend notification letter content to governmental agencies and Affected Consumers and Plan Member Employees based on the circumstances and compliance requirements of the Data Breach event.
- Recommendations concerning public relations communications and frequently asked questions to employees, the press, the public and others.
- Recommendations concerning communication and interaction with law enforcement agencies.
Why Access Notifi Now?
The premise is simple, and the value provided far exceeds the low monthly fee.
- Proactive protection against a cyber-incident
- Accelerated response times
- Certainty of meeting regulatory requirements for disclosures
- Mitigation of damage to your company and reputation
- Expert advice and guidance on response to a data breach up to 2 per 12 months
- Customer notification templates that meet regulatory requirements
- Employee talking point templates and call center script templates
- PR guidelines based on research into 1000’s of incidents
This is not the kind of expertise you are likely to have within your company
Access is extending this cyber-incident protection to you.
No thanks, I’m ready to take on the risks of data breaches without help.