Privacy Consulting Services
Excela Associates provides a full slate of services to assist its clients in planning, developing and implementing effective strategies to manage personal information and comply with privacy legislation. We can identify risks associated with inappropriate information management practices and provide solutions to deal with them. If you need a privacy consultant, you need look no further than Excela Associates. The top menu provides more information about our consultants and services.
Excela can advise on any aspect of personal information management. We offer the services of highly qualified experts in privacy, information security and information management. Our consultants are all senior practitioners with many years of experience.
Sound management of personal information is just good business, regardless of your business sector, but it is also a matter of law. Canada has privacy legislation covering the public and private sectors nation-wide, both federally and provincially. There are few organizations in Canada that are not subject to privacy legislation.
In addition to generic privacy legislation, legislated privacy torts exist in British Columbia, Saskatchewan, Manitoba and Newfoundland and Labrador, allowing individuals to sue for invasions of privacy even if there are no financial repercussions. Other provinces do not have legislated privacy torts, but in 2011 the Ontario Court of Appeal created a tort of "intrusion upon seclusion" for severe invasions of privacy. This tort has since been recognized in other provinces.
As of May 2018 the EU's General Data Protection Regulation (GDPR) imposes strict privacy requirements on any organization doing business with EU residents. The regulation, which is more prescriptive than any other privacy law today, requires that subject organizations take specific actions for compliance, which may require modifications to existing business processes. Excela can assist Canadian organizations in planning for GDPR compliance.
Effective November 1, 2018, the breach notification provisions of the Personal Information Protection and Electronic Documents Act (PIPEDA) took effect. If you are subject to PIPEDA, it is mandatory to report breaches to affected individuals and the Privacy Commissioner of Canada "as soon as feasible after an organization determines that a breach has occurred." Similar breach reporting requirements exist under provincial legislation in Alberta and, for the healthcare sector only, in Ontario, New Brunswick and Newfoundland and Labrador.