Businesses may obtain cyber certification via CyberSecure Canada’s web portal

Sedona Conference Commentary on a Reasonable Security Test is open for comment until Nov. 18

Businesses may obtain cyber certification via CyberSecure Canada’s web portal

CyberSecure Canada, a federal government program, has launched an online portal to assist organizations in obtaining cyber certification.

Also in the area of data privacy, the Sedona Conference Working Group 11 on Data Security and Privacy Liability has released the public comment version of its commentary on a reasonable security test.

CyberSecure certification program aims to raise cybersecurity baseline among Canadian businesses

Innovation, Science and Economic Development Canada announced the official launch of the web portal on Oct. 2, to mark Cyber Security Awareness Month.

The certification program seeks to assist businesses in assessing, planning and implementing cybersecurity practices to protect their data and cyber activities against the direct and indirect effects of cyberattacks, such as litigation, intellectual property theft, reputational damage, critical infrastructure damage, financial loss caused by fraud, increased prices and loss of business or of jobs.

The program also aims to help organizations boost their competitive advantage, improve supply chain trust and confidence and strengthen their relationships with consumers and partners.

Navdeep Bains, minister of innovation, science and industry, noted in the news release that the COVID-19 pandemic has forced many businesses into remote and online operations and has led to a rise in cyberattacks, phishing scams and other security-related challenges.

“The new CyberSecure Canada certification program will help businesses protect themselves from these threats, give Canadians confidence in continuing to work and grow in the digital economy, and reduce the costs of cybercrime,” Bains said in the news release.

“While the CyberSecure certification is voluntary, many organizations are required by applicable privacy legislation — including the Personal Information Protection and Electronic Documents Act (“PIPEDA”) — to implement appropriate security safeguards to protect personal information against loss, theft or unauthorized access, disclosure, copying, use or modification,” wrote Kristen Pennington of McMillan LLP in a privacy law bulletin.

An updated cybersecurity program is especially important amid the COVID-19 crisis, Pennington wrote, when businesses have moved certain functions online or have directed their employees to work remotely while using personal computing devices and less secure networks.

The Sedona Conference Commentary on a Reasonable Security Test is open for comment

The Sedona Conference Working Group on Data Security and Privacy Liability (WG11) is seeking commentary on a Reasonable Security Test it has developed — specifically, what the applicable legal test should be for courts and other adjudicative bodies in cases where a party has or is alleged to have a legal obligation to furnish reasonable security for personal information, and where the issue revolves around whether the party has complied with this obligation.

The public comment version of the commentary articulates the test as follows: “An information steward’s information security controls for personal information are not reasonable when implementation of one or more additional or different controls would burden the information steward and others by less than the implementation of such controls would benefit the claimant and others.”

Interested individuals may send their comments and suggestions to [email protected] by Nov. 18.