Once Bill C-30 is implemented the entire Canadian business community will be systematically stripped of data security by the state. This will mean that all SLAs will be open to legal proceedings. Any company holding an SLA that makes a guarantee of data security to its customers will automatically be in breach.
This of course represents an enormous business opportunity for the professional legal community. Lawsuits can be issued against any company that guaranteed data security to a customer. Banks, payroll companies, internet service providers, online stock trading services, and SaaS online business solutions are just a few examples.
Here are some articles regarding data security and Service Level Agreements:
Follow these links:
“Breaches of contract occur when one party to a legally binding contract does not provide a product or service to another party as agreed upon by the deadline specified in the contract. If a contract does not specify a time limit, the breach of contract occurs when the other party takes no steps to rectify his error. The wronged party can take steps to reclaim services, money and products owed to him through a court of law by suing the other party”
“74% report loss of customers. – 59% faced potential litigation.”
“What cyber risk exposures or legal liabilities should a business worry about when outsourcing to a consultant, partner or cloud provider?
The key thing to realize is that in most cases when a vendor or third party is given access to a company’s or data owner’s sensitive information, the company is still responsible and legally liable for that information. So the data owner needs to know ahead of time what kind of controls are in place for security, who owns the information, and what will happen during a security event. All of this should be established up front so that if, and when, there is actually a security breach, the response will be swift and cooperative.”
With the ability of Canadian security agencies to access personal e-mail, they will also have access to a wide assortment of confidential personal banking information.
E-mails contain a wide assortment of banking information: user names and passwords, email money transfer records, and banking statements, for example. As banks will no longer own their data security, they will no longer be able to promote their services as secure to customers; they either own security completely or not at all.
This is personal banking information and does not begin to consider the security breach for confidential business information. Companies operate financially out of business accounts operated by banks online and will have all of their business transactions at risk of being exposed.
We live in an age where for some time now business can be summed up as data – period. Everything that happens in business is shared, archived, calculated and executed on database-driven applications and storage platforms. In order for these business processes to execute they require one key asset above all – security.
Data ownership can, in principle, be summed up as security. Data is only owned by a company when it controls the access to it, and access is critical to operations with a client. No one is going to put their money in a bank when the account information is publicly displayed. This may seem obvious to some.
Bill C-30 would allow national security agencies access to any internet service provider (ISP) in Canada without a warrant. It is important to note that this bill does not make any distinction between personal data and business data. What makes this more of a concern, and a very serious one, is that personal communications frequently contain confidential business data.
I will address the problems with Bill C-30 in regard to business security in a series of posts coming up shortly, where we will look at specific examples of how the loss of data security under Bill C-30 will impact Canadian business.
This blog will examine Bill C-30 and its impact on Canadian business with a special focus on data security.
The link provided is an example of a service level agreement or SLA. It is a guarantee to a company's customer of the service details to be expected when they engage the company and its services. You will note that one of the key items in the SLA is the outline of security considerations. These security details are often written as legal agreements into the SLA and form a critical feature before a company can sell its services to a customer. There are countless such legal agreements in operation between companies and their clients in Canada.
If Bill C-30 were to take effect, it would strip Canadian businesses of the power over their data security, and every one of these agreements would be broken. This would allow the customers to take legal action against the companies for the breach of service.
An example of this type of lawsuit can be found here:
When Bill C-30 nationally strips Canadian businesses of their security control there will be a mass wave of lawsuits in reaction to the loss of service written into these business agreements.
Access to the Bill can be found here.