STRATEGY AND POLICY

Strategy and policy are at the heart of any effective information management program, whether or not it is privacy-focused. Without an effective strategy and pragmatic policies and procedures to govern information management operations, the organization is virtually certain to suffer from privacy breaches and other failures of information management.

Excela Associates can assist you in the development of strategy, policy and procedures for any public or private sector organization, regardless of its jurisdiction, industry or size. Excela's president and associates have long experience in the development and implementation of strategy, policy and procedures, whether for privacy or for any other aspect of information management.

We have developed privacy policies and strategies for clients in Alberta, Saskatchewan, Ontario and Newfoundland and Labrador, in the public, healthcare and private sectors. We have also assisted Alberta's Office of the Information and Privacy Commissioner in the development and implementation of privacy impact assessment standards for that office.

Insofar as privacy compliance is concerned, we are experienced in the interpretation of all privacy legislation in Canada.  We are experts in the implementation of privacy practices in sensitive areas of business operations, including security, contracting, human resources, marketing, customer relationship management, data mining and others.

We can also assist Canadian organizations that need to address compliance issues associated with the EU's General Data Protection Regulation (GDPR).  The GDPR requires more stringent privacy protection measures than any Canadian legislation and has stiff penalties for noncompliance, ranging up to 4% of global revenues. While Canada currently has adequacy status, meaning compliance with Canadian privacy law is considered by the EU to be adequate for compliance with EU privacy law, there is some doubt about whether that status can be retained after the GDPR  goes into effect in 2018. Canadian organizations doing business with EU citizens need to plan for the GDPR.