Personal Information Protection and Electronic Documents Act (PIPEDA), is a federal privacy law in Canada for private organizations, setting out ground rules to ensure that the private and confidential information about an organizations customers and employees are secured.
The foundation of the act is based on 10 fair information principles:
- Identifying purposes
- Limiting Collection
- Limiting use, disclosure and retention
- Individual Access
- Challenging Compliance
In November of 2018, an amendment was added to PIPEDA, which mandates that all private organizations must disclose any breach to the privacy commissioner, failure to do so could cost organizations up to $100,000 per violation.
The regulation requires an organization to ensure the proper safeguards are put in place specific to the sensitivity level of the information you are protecting. What makes this regulation unique is the fact that individuals and other organizations can challenge an organizations compliance to the 10 principles. In addition, organizations must be able to provide details as to what their security practices are, how they are implemented and what their remediation is in the event of a breach.
While most organizations focus on standard or typical perimeter security, which is necessary, the implementation of the Snare Security Suite captures the information and provides the 30,000-foot view, as well as a comprehensive dashboard of all activity within the network.
By tracking events that occur on the workstations and servers, such as process events or executables, user’s login activity, USB activity, File access and registry events, combined with activity from security devices (firewalls, endpoint solutions) alerts can be created via the dashboards to notify the system administrator of malicious activity thereby shortening the mean time to detection. The Snare Security Suite will allow you to respond quickly to mitigate and contain a breach or potential breach, allow investigation into the activities, thereby allowing the organization to shore up their defenses.
In addition, the Snare Security Suite can provide the forensics data for providing reports of historical events, for reporting in the event of a compliant to the office of the Privacy Commissioner.