What is the GDPR? The GDPR represents new legislation that is destined to replace the General Data Protection Regulation, which has been in place since 1995. The arrival of the digital age means that the way people understand and interact…
eDiscovery and Audits: The Solution to Unauthorized Access Electronic medical records (EMRs) contain sensitive personal information that is strongly protected in many jurisdictions. EMRs are protected under the Personal Health Information Protection Act (PHIPA) in Ontario by limiting authorized access…
By Aydin Farrokhi and Dr. Wael Hassan Today, the public has remarkable power and reach by which they can share their news, and express their opinion, about any product or services or even react to an existing state of affairs, especially…
By Aydin Farrokhi and Dr. Wael Hassan In Canada data protection is regulated by both federal and provincial legislation. Organizations and other companies who capture and store personal information are subject to several laws in Canada. In the course of commercial…
The daily life and economics of the global citizen depend each time more on a stable, secure, and resilient cyberspace. Even before was elected president, Donald Trump promised to make cybersecurity “an immediate and top priority for administration.” Yet, months…
Article 29 Data Protection The European Commission’s Article 29 Data Protection Working Party provides a useful set of criteria for evaluating anonymization methods in its “Opinion on Anonymization Techniques” (2014): Is it still possible to single out an individual? Is…
Detecting Inappropriate Access to Personal Health Information "While PHIPA has served Ontarians well over the last decade, rapid changes in technology and communications are demanding that we keep pace. With the growing use of electronic health records, the province needs…
Time for a New Vision Up until now, we have viewed privacy and security on the same sliding scale, through which it appears to be impossible to have one without hurting the other. Envisioning a country where privacy is prioritized…
Identity and Access Management (IAM) has two seemingly opposed purposes: to enable user access to information, and to block user access to restricted information. In fact, strong security and user-friendly access are by no means mutually exclusive: a mature IAM…
A set of enterprise requirements is considered compliant with the law if the requirements are legally consistent and compliant with respect to the law. Legal Compliance The figure above shows the proposed methods for consistency…