Today marks the one-year anniversary of the Personal Information Protection and Electronic Documents Act data breach regime coming into force. It has kept me busy, and I’m sure many privacy pros are dealing with the regime now that it’s fully in effect.

And, speaking of data breaches, the world’s data protection and privacy commissioners gather every year, and they just wrapped up their annual conference in Albania. One of the things coming out of it was a resolution concerning the fact that so many data breaches are the result of human error.

First, they undertook as a collective to categorize and learn from the data breaches that are being reported to them. But, knowing full well that human error plays a large part in many data breaches, they planned out a way to combat this epidemic. 

They also resolved to promote and educate the need to build more robust security measures. Specifically, they are going to promote building workplace cultures where privacy and personal data security are organizational priorities, including through the periodic implementation of training, education and awareness programs for employees on their privacy and security obligations, as well as the detection and reporting of threats to the security of personal data.

In addition, they will establish robust and effective data protection and privacy practices, procedures and systems, including building privacy into the design, operation and management of systems and practices, as well as investing in the improvement of the overall security posture in line with known security risks. At a user level, they will implement technologies to complement user education in mitigating against the risk of compromised credentials and unintentionally disclosing personal data to unauthorized recipients.

Lastly, they will promote evaluating privacy practices, procedures and systems to ensure continued effectiveness, including by implementing a program of proactive review, as well as system monitoring and auditing.

Laudable goals. I’m curious to see what the Canadian regulators come up with in response to this resolution. OK, I’m signing off here as I have another data breach to deal with, and time is of the essence.