Privacy document crucial for Canadian organizations: Chubb underwriter

A guideline from the federal privacy commissioner on how organizations should handle data security is a “very important document” for privacy management, says Matthew Davies, a senior underwriting specialist with Chubb Canada. The Office of the Privacy Commissioner of Canada and its counterparts in British Columbia and Alberta released the guidance document, entitled Getting Accountability Right With a Privacy Management Program, on Apr. 17. It sets out key steps for organizations to be in compliance with federal and provincial privacy legislation, such as hiring a privacy officer, implementing policies and education and risk assessment. “This document basically outlines how a breach will be investigated and what kind of things privacy regulators expect from a company,” says Davies, who oversees cyber liability and professional media coverage for Chubb. “Organizations should be looking at this carefully in terms of guidance and compliance on privacy and data breach protocols.” Davies also notes that cyber insurance liability policies are on the upswing so far this year, with more than 25 insurance carriers offering some form of cyber risk protection. “We have seen a 40% increase in submissions on a month-by-month basis, compared to the same time last year,” he adds. “I think organizations are recognizing this is not just an information technology concern, but an enterprise risk management issue.”