Small- and medium-sized enterprises in Canada make up 99 percent of the market. That means the Googles, Bells and Rogers of the world only process a small fraction of all the personal information that is processed on a day-to-day basis.
For SMEs, the person who is in charge of privacy usually spends less than five percent of their time on that task. They are more likely than not to have no privacy training and in many instances they cannot even name the law or its obligations but rather try to obtain compliance by using common sense.
I mention all of this because it was the topic of a panel discussion I moderated at the 48th APPA conference held in Vancouver this week. The APPA conference brings together DPAs from the Asia-Pacific region and the discussion on SMEs was very interesting. Panelists spoke about the importance of providing concrete guidance and tools on regulators’ websites, using social media channels to disseminate information, and of connecting with industry associations. There’s definitely no silver bullet solution or approach, but there are a lot of good ideas and a need to do more.
For us at the IAPP, we consistently try to get our message out to SMEs as well and we face many of the same challenges that regulators do. If you’re working in a SME and reading this note, I guess you can say that we’re making some headway. That being said, I’d like to hear from you if you have ideas about how the IAPP can better reach this all too important market.