The Personal Information Protection and Electronic Documents Act (PIPEDA), also known as the Personal Information Protection Act (PIPA), was enacted by the Senate and House of Commons of Canada to support and protect consumers’ personal information held by private-sector organizations. The regulation applies to any organization that collects, uses,
or discloses personal information for commercial activities and for employment purposes, where the individual is a
current employee, or an applicant for employment, with the organization. Failure to comply with PIPEDA/PIPA can result
in a fine up to CAD $100,000.
Herjavec Group’s expertise and leadership in comprehensive security services can help you achieve PIPEDA compliance without sacrificing your business objectives.
Why Herjavec Group?
- We offer a hands-on, flexible approach, tailored to meet your organization’s uniqueness and requirements.
- We are a global organization with expert knowledge of multinational regulations and industry directives.
- From identity and access management to incident response, we have expertise and leadership in comprehensive security services to support your complete IT Security lifecycle.
- We bring decades of assessment experience and a keen understanding of specific technologies deployed in your environment.
Herjavec Group recommends that all organisations under PIPEDA jurisdiction undergo an initial Privacy Impact Assessment. While performing this assessment we adhere to the NIST SP 800 and ISO 27002 frameworks to validate weaknesses that may be exploitable, leaving personal data at risk.
We meet with your organisation’s stakeholders to identify how your organization protects personal information as it is collected, used, disclosed, stored and ultimately destroyed. These assessments extend beyond your core business operations to include third party contractors or business associates.
After the initial assessment and discovery phase, we deliver a detailed report including the risks identified and a roadmap to achieve compliance.
We work with you to develop a step-by-step action plan. We provide supporting documentation to ensure you can demonstrate your efforts if an audit occurs.
- Executive summary with insight into your current compliance posture and potential risks
- Security gap analysis prioritised according to impact on PIPEDA compliance
- Detailed roadmap and action plan for obtaining compliance, including conceivable shortfalls and a potential cost/benefit analysis
- Customized presentation and executive briefing to ensure accurate knowledge transfer
Following the initial PIPEDA assessment, used to address immediate and unique needs, Herjavec Group offers additional technical expertise and support in order to maintain continuous compliance and advance your security posture moving forward: