An organization representing Canada’s chartered accountants has released a new guide aimed at helping small and medium-sized enterprises protect the increasing volume of sensitive data they collect.
The Canadian Institute of Chartered Accountants hopes the privacy and data security publication will help smaller companies avoid the costly consequences of dealing with a data breach and give them the information they need to comply with privacy laws.
“We’ve designed this tool kit to help people minimize the chances of a data breach, but in the unfortunate case that a data breach does occur, they can certainly use this tool kit to get them back on track,” said Nicholas Cheung, a principal in the assurance services department at CICA.
The document, entitled “The Canadian Privacy and Data Security Toolkit for Small and Medium Enterprises,” will offer organizations ready-to-use advice on privacy and security risks for departments such as accounts payable, sales and marketing.
In addition to a “best of resources” guide from privacy thinkers across the country, the tool kit will come with a CD containing PowerPoint presentations that can be used to train employees on data security and a customizable privacy policy.
“Included in the training templates are what we believe are the critical components you should give to your employees to teach them about privacy,” said Cheung. For organizations just starting up, he added, both the ready-to-use privacy policy and training exercises will send them on the right track immediately.
Another particularly useful resource for SMEs will be the self-assessment exercise, which Cheung said should help organizations determine the weaknesses in their current privacy and data security programs.
“Some of the questions on the privacy side will be, ‘Do you have a data breach protocol in place? Do you have certain components included in your privacy policy? Do you train your employees about privacy?’” he said.
On the data security side, organizations will be quizzed on what type of security measures they already have in place, whether they encrypt portable devices and what policies are already in place to monitor the use of mobile devices by employees.
The guide also includes introductory chapters by both Privacy Commissioner of Canada Jennifer Stoddart and Information and Privacy Commissioner of Ontario Ann Cavoukian.
Cheung said that recent studies continue to highlight that privacy and security awareness continues to be low to moderate among SMEs.
While large enterprises such as TJX Companies Inc. and TD Ameritrade Inc. have made headlines over the last few years, the impact of smaller data breaches cannot be overlooked, he added.
“Customers go to small and medium-sized organizations because of the close relationship and the extra service they provide, which is something they might not normally get in a larger organization,” said Cheung. “If you break that trust and break that bond, it’s going to have a big impact on your business. That’s why we believe SMEs should not take this lightly, make sure it’s an important issue and address it appropriately.”
The toolkit is now available in both French and English and can be purchased for $30 from CICA’s Web site.