This presentation will explore how privacy laws affect the Canadian software industry.

All organizations in Canada, regardless of size, are subject to privacy legislation. The privacy laws in Canada (and beyond) impose significant restrictions on collecting, using, and disclosing personal information, and require that it be adequately safeguarded, including from unauthorized access within an organization. Non-compliance may result in fines of up to 100,000 per incident, lawsuits, and reputation damage.

IT systems developers, project managers, consultants and auditors now have to consider privacy implications when developing, implementing, or reviewing systems. Independent consulting developers have to be aware of how the privacy laws affect them.

This session will review the Fair Information Practices that the privacy legislation incorporates, discuss their implications for IT security and audit, and provide some practical guidelines to minimize the risk of non-compliance.