Tag Archives: Alberta

Be ready to play the long game when preparing for GDPR

Meeting the deadline for the General Data Protection Regulation (GDPR) in May doesn’t mean your work is done. Preparing for GDPR is an ongoing process of internal readiness with both short-term and long-term tasks.

Despite being birthed by the European Union, this incoming privacy legislation is driven by citizenship—and that’s why Canadian businesses need to be preparing for GDPR, as well. There’s a lot to consider: At first blush, GDPR preparation appears to be a security exercise, but that’s only one component, albeit essential. Ultimately, the new legislation will prompt organizations to think differently about the data they store and process.

Most of all, organizations must realize that meeting the May 25, 2018 deadline doesn’t mean their GDPR preparation is done.

Preparing for GDPR requires transparency

You can’t secure data if you don’t know how it’s stored or how it flows through your organization. Under GDPR, you must know how data moves across different borders within the European Union and beyond. Even if you’ve done a thorough investigation of the data you store currently and how it’s processed, it’s not something you can tick off a checklist. Your data is a living entity. You need to identify where it’s held, how it’s accessed and processed, and its characteristics—it not only has to be documented once but over time. For instance, is it sensitive financial data or Personally Identifiable Information (PII)?

Your documentation and data processing activities must be transparent and demonstrate accountability, so make sure you’re evaluating your current data governance practices and policies as part of your GDPR preparation and identifying areas that need improvement.

Be ready for breaches

The reality is it’s not a matter of if a breach will occur, it’s a matter of when, and GDPR provides further incentive to understand where your data is most vulnerable. Not only do you need a process for detecting and investigating breaches, but you need a plan to disclose that personal data has been breached within 72 hours—although GDPR allows for some exceptions. You may want to conduct a fire drill to test the effectiveness of your procedures for data breach response.

It’s also a good time for Canadian organizations to consider the breach notification guidelines being developed under the Personal Information Protection and Electronic Documents Act (PIPEDA), which are, in part, inspired by privacy legislation in Alberta, the first province to have notification provisions.

Get—and reaffirm—consent

A key aspect of GDPR is getting a person’s consent to process their data. Even more importantly, you must be able to honour a request to have that consent withdrawn—that’s why understanding how your data flows is so important. Consent under GDPR must be specific, granular, auditable, and easy to understand. For the affected EU citizen, the consent must also be easy to withdraw. While consent is already an existing component of PIPEDA, new requirements under GDPR may require approaching current data subjects and asking permission again to use their data.

The consent aspect reinforces the need for bulletproof record keeping. You must clearly identify your organization to the data subject and be transparent about any third parties who may also have access to their data. You should review your consent process in preparation for GDPR, and do so regularly from now, so you can develop an audit trail to satisfy regulators. You should also keep it aligned with any changes to your data processing activities.

GDPR preparation requires the right people

Under the legislation, public authorities or organizations conducting large-scale monitoring of individuals, special categories of data, or data relating to criminal convictions and offences are required to have a data protection officer (DPO). But even if your organization doesn’t require one, Gartner recommends designating someone to be responsible for data governance, so you can readily comply with GDPR. This person will be the point of contact for the data protection authority (DPA) and data subjects.

Regardless of the size of your organization, it’s also a good idea to retain outside experts—consultants who can help architect a risk assessment framework, manage data privacy, and deploy technology that can ensure compliance. In case of a breach, you should have public relation experts, forensic experts, and legal counsel at your disposal.

Preparing for GDPR means staying prepared. Just as Canada’s PIPEDA was intended to be reviewed every five years since being introduced more than 15 years ago, organizations should expect GDPR to be modified over time. While there are many tasks in the short term to complete to meet the May deadline, you should prepare to integrate your GDPR compliance into ongoing operations. Since customer data is rarely static, understanding where it flows is critical to its protection, regardless of regulatory requirements.

Looking for more information about how you can prepare for GDPR? Check out, “Prep for a GDPR audit by building a GDPR compliance checklist” for your ultimate guide to data protection, and learn how you can stay in line with shifting data regulations beyond just GDPR with, “Keep pace with the evolving, far-reaching impact of GDPR.” And don’t forget to hit subscribe at the top of the page to receive the latest IT security insights from Tektonika.

Calgary eyes data mining as a new resource industry

Cowtown took a hit when oil prices tanked. But Calgary tech companies could hit pay dirt soon by going after resources that aren’t in the ground thanks to data mining. Like many Canadian cities, the Alberta capital has a burgeoning tech sector long overshadowed by traditional industries, but as laid-off oil workers and execs look to regroup, the city’s tech community is receiving more attention at a time when data is seen as a precious resource.

Menome Technologies sees potential for data in the post-oil era. The startup was founded by Mike Morley after he was laid off from the energy sector during the downturn. He believes data mining could replace drilling for oil as one of the city’s chief job creators, because data is the driver of the new economy. Menome helps companies deal with the data deluge—there’s no shortage of information available to businesses of all sizes across all industries, but the data is scattered across different systems that aren’t easily linked together. Morley created Menome to solve this problem.

Data mining is not new, but it’s getting more attention, as it’s no longer just the domain of larger companies, such as Netflix, Amazon, and Spotify.

Data drives streaming services

Just before Christmas, a single tweet from Netflix caused much anger and entertainment: The video streaming company called out the 53 customers who watched A Christmas Prince—a Yuletide movie it produced. It’s not just the mocking of its customers that drew ire, it was the realization that it and many other companies collect a great deal of data about its users.

Netflix responded to the furor by emphasizing the behavioural data it collects is used to better serve users—and is done so anonymously. It’s not alone: Music streaming service Spotify also got into hot water for making fun of users based on their listening habits, even though it was part of an ad campaign that sought permission from specific customers who participated. And like Netflix, Spotify collects data about users to make recommendations.

Both these incidents brought the concept of data mining to the attention of the average customer, but it’s nothing new. It involves sorting through large data sets to identify patterns and establish relationships to solve problems through analysis. The exponential volumes of data in scientific disciplines, such as bioinformatics, experimental physics, astronomy, and chemistry are helping tune various techniques that can be applied in health care, finance, insurance, retail, and telecommunications, among others.

Mining data illuminates health care trends to improve treatments and patient outcomes, helps insurance companies analyze risk, and allows businesses of many types to predict future trends, so they can plan accordingly and improve profitability. What’s changed in recent years is its pervasiveness in online services—it’s why you see a relevant ad from Amazon on Facebook right after you visit Amazon. But it’s no longer just the domain of large companies with deep pockets or university research labs with a supercomputer. Data mining has been democratized thanks to customer relationship management (CRM) tools and chatbots that engage users.

Startups, such as Menome, make it easier for companies to solve specific problems by harnessing data they’ve collected without investing in costly computer power and hard-to-find data science talent. Because it’s more accessible, it’s become an essential tool for companies looking to gain a competitive advantage.

Learn how data mining gets done

Businesses trying to figure out how to mine data should consider where it’s already heading:

  • Extracting data from various multimedia sources, including audio, video, and images.
  • Pulling data from mobile devices to gather information about individuals.
  • Compiling large amounts of information from different organizations to gather insight and build reports.
  • Grabbing information from environmental, astronomical, and geographical data for use in navigation applications, such as geographic information systems.
  • Studying cyclical and seasonal trends, as well as analyzing random events happening outside the normal series of events, including customer buying patterns and behaviours.

Understand the benefits of a new resource

One reason the business of mining data is appealing—aside from the fact that businesses want to draw insight from all the data they’re collecting—is they don’t have to be in a specific place to do it. While Calgary tech companies may see it as a way to reduce dependence on oil drilling, other cities are also poised to capitalize on the data deluge.

Local companies can exploit data by helping their municipality become a smarter city, including Calgary. In 2017, the Canadian federal government doubled down on its Open by Default Portal and earmarked millions of dollars for its Smart Cities Challenge. The evolution in the open data landscape is expected to continue in 2018, as open data providers and users seek to close the gaps between what’s here already and what’s needed for Canadian innovation. The City of Edmonton, for example, has led the Open Cities Index for the last three years, so the Battle of Alberta is further incentive for Calgary to shift its economy from oil to data.

If you conduct business in Calgary, this trend is worth keeping an eye on. Knowing how to collect and leverage data now will help you stay one step ahead of competition tomorrow.