In the 1950s, Big Brother had everybody terrified about what a digital invasion of privacy would look like.
But 1984 came and went, and we all relaxed.
Then came mobile devices, and suddenly we were eagerly giving away our private information to worldwide organizations in return for things like discounts at local restaurants.
But what goes around comes around, and GDPR, CCPA, and other similar acts are testimony to our desire to take a step back and regain a little more control over our private information.
Canada’s Bill C-11, otherwise known as the Digital Charter Implementation Act (DCIA), is the latest regulation to come onto the scene and demand a higher standard for the way the private sector protects consumers’ privacy.
What is the Digital Charter Implementation Act?
The DCIA replaces the Personal Information Protection and Electronic Documents Act from 20 years ago. The Digital Charter covers aspects of digital policy ranging from increased digital access for Canadians to measures that protect democracy and accurately identify hate speech.
Among DCIA’s implications for privacy and the treatment of personal information are:
- More consumer awareness and control over what personal data they are sharing, who is using it, and for what purposes.
- More transparency in how businesses use personal information to make recommendations to consumers.
- Requiring businesses to help individuals transfer or delete their personal information.
- Increased powers for the Office of the Privacy Commissioner.
- Clear and monetarily significant penalties for violations of the privacy regulations.
The DCIA is based on the Consumer Privacy Protection Act (CPPA), which sets out the regulations for consumer privacy, and the Personal Information and Data Tribunal Act, which sets out the framework for enforcing penalties for violations.
What do you need to achieve DCIA compliance?
The key to DCIA compliance is a strong handle on your data: how well you can control how consumer data is collected, utilized, and disclosed.
If that sounds a little broad and vague, let’s take a look at some specific examples:
Let’s say you have an algorithm-based program that shows ads or makes service recommendations to customers. You may need to show exactly how the algorithm uses your customers’ personal information to determine what ads or recommendations are most relevant.
When it comes to banks, a customer may ask you to transfer all their information to a different bank where they are setting up a new account. Under DCIA, you must enable that.
If said customer then wants you to delete their account and every byte of their personal information from everywhere it appears in your bank systems, you need to enable that – AND be able to prove that you did it.
That’s a tall order.
Preparing for privacy professionalism
If you have systems in place that enable you to accomplish all of the above, take a deep sigh of relief.
If not, take a deep breath and prepare to come up to speed on the compliance rollercoaster.
A key system to smooth out the bumps is a metadata management platform that includes automated data discovery and automated data lineage.
Automated data discovery allows you to instantly locate data spread throughout your entire BI environment, with about as much effort as a Google search.
Need to find a customer’s credit card number everywhere it appears in your systems? Check.
Need to send a consumer’s PII to oblivion? Check.
Need to prove you sent the customer’s PII to oblivion? Double check.
Automated data lineage, on the other hand, lets you pick any data point in your system and trace its journey end-to-end. This allows you to see what happened to it along the way and how it influenced other data in your system.
Need to quickly identify which fields throughout your BI system contain PII so you can mask or depersonalize them? Check.
Need to show the basis for giving a particular recommendation to a particular customer? Check.
Need to sit on the beach while your system answers compliance auditors’ questions all by itself? Well, not quite yet.
But if you do decide to head to the beach, we won’t get involved.
After all, we value your privacy.