Privacy concerns have lately gained some serious momentum, as Daniel Therrien, Canada’s Privacy Commissioner, has warned that existing laws are behind international standards. This stalling appears to be a brake on Canada’s economy.

“The most apparent reason for the government to take its time in acting appears to be a concern that privacy legislation might impede innovation and economic growth. This is an argument that we hear fairly frequently”, Therrien said during a press conference. “My point is that it is exactly the reverse. The status quo is that Canadians, at the level of 90%, are concerned that their privacy is not protected. That is not conducive to trust”.

The Privacy Commissioner’s message hints that it falls on enterprises to protect and enforce customer, employee and partner privacy. This is not necessarily the best of news for businesses, as they’re likely struggling with COVID-19, a remote workforce, and the security vulnerabilities they introduce. It just looks like Canadian companies now also have to tackle data privacy, an area often at risk, given the rapidly expanding threat landscape.

When asked about enterprise security, most companies feel that it is an energy-draining topic, and are left wondering where to start. So, let’s think of it as a set of proactive actions that will help you improve your security hygiene, with a little help from experts. A holistic cybersecurity strategy involves multiple layers, ranging from data security and privacy to endpoint security and digital risk protection.

Digital risks: the overlooked kill chain

What are digital risks? To be fair, that’s a question everybody’s been asking for the past decade, but no common ground has been reached. Data leaks, for instance, are an example of digital risks you should pay attention to.

Considering that 165 million sensitive records were leaked in the United States in 2019 alone, more businesses are starting to understand they are exposed to digital risks, due to poor privacy policies and data security. Your corporate conversations might no longer focus on fines or regulators’ investigations, but on the damage caused by negative media attention and losing your customers’ trust.

The Canadian Internet Registration Authority (CIRA) reported that there was a 58% decline in data breach reports in 2020 compared to 2019. This is not necessarily due to a decrease in the digital risks companies face. Rather, 64% of companies decided it was best to keep quiet, fearing reputational damage linked to privacy issues. Not only has their reputation been affected, but now they will also have to handle PIPEDA, Canada’s Personal Information Protection and Electronic Documents Act.

A global study has found that businesses which showed accountability and invested in data privacy and security achieved operational and competitive advantages, and saw an average return of 270% on their investment. Investments in digital risk protection to ensure privacy and security could help you strengthen your infrastructure and maintain customer loyalty.

Depending on your industry, privacy and security issues can be intimidating, especially since big data has been growing exponentially, given the adoption of mobile technologies and IoT. Think of top industries such as healthcare and financial services, and what a compromise of their critical digital assets might entail. Privacy and data security should be on top of your mind.

Enterprise security is key to customer trust

A data breach often results in leaks, which may compromise your credentials for corporate systems, technical code and proprietary documents, and customer information. Your security team can benefit from tools that scan the web for sensitive data, even across illicit markets on the dark web, to deliver enhanced transparency and visibility over their digital footprint. When the tools come with instant threat remediation, you instantly gain a protection boost for your publicly accessible assets.

Once they get their hands on sensitive employee, customer and partner data, malicious actors can sell it, dump it on the dark web or use it in various illicit transactions, such as identity theft and fraud. Social media accounts are now the latest trend for cyber criminals to expose PII (personally identifiable information). Data leak identification should be a critical component of your enterprise security to mitigate the effects of a data breach.

In their current format, which dates to 2015, Canada’s privacy laws cannot protect businesses and citizens from data breaches, as confirmed by the Privacy Commissioner. It is up to the cybersecurity community and corporate world to come together and find the best solutions. Not only will accurate data breach reporting help improve existing legislation, but a thorough understanding of digital risks and the threat landscape could save money and retain customers’ trust.