First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

data protection

Adequacy of Canadian privacy law

Potential amendments could mean Canadian businesses receiving personal information from Europe will have more exposure to the differences in the data protection laws and enforcement regimes in the EU member states.

 

, , , , , ,

Hospital privacy breach results in OSC laying charges

The Ontario Securities Commission has announced a series of criminal and quasi-criminal charges following an investigation related to the misuse of confidential patient information from the Rouge Valley Health System and the Scarborough Hospital.

 

, , , , , , ,

What critical elements should appear in every third-party service provider contract?

Whenever data leaves the control perimeter of a company, there is a risk that the data will not be protected at the same level of security that is required by company policy. It is essential that data created, stored, manipulated or transmitted by a third party on the company’s behalf be accorded the level of protection that is defined by the company’s standards and policies.

 

, , , , , , , , , , , , , , , , ,

Protecting sensitive data against the insider threat with data masking

With an overabundance of information being stored or created in electronic format, and various tools for turning data (i.e., personally identifiable information, intellectual property, credit card) into cash, goods, and other services, the risks of doing business have increased. We are hearing more and more about attacks where the target is sensitive data, and the perpetrators are those with elevated levels of trust and access within the business.

 

, , , , , , , , , , , , , , , , , , , , , , ,