The Canadian Privacy and Data Security Toolkit for Small and Medium Enterprises

With privacy laws in Canada continuing to evolve in order to address new technologies and new ways of doing business, small and medium business owners need practical information to help them comply with Canadian privacy legislation.

The Canadian Privacy and Data Security Toolkit for Small and Medium Enterprises provides business owners and managers with practical information on privacy issues faced by organizations in today's world of high-speed communication and massive data gathering – helping them to put in place effective policies and procedures to protect against privacy breaches.

Featuring a foreword by Jennifer Stoddart, Privacy Commissioner of Canada, and an introductory chapter by Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario, The Canadian Privacy and Data Security Toolkit for Small and Medium Enterprises provides a comprehensive look at information security and privacy for small and medium businesses, covers managing and assessing risk, and offers guidance for business owners on building standards into their risk management practices.

Special features include:

  • A self-assessment to help determine your organization's information risks;
  • Ready-to-use advice on privacy and security risks in key areas such as accounts payable, sales and marketing;
  • A glossary of terms; and
  • A CD-ROM containing checklists, informative articles, training templates and a customizable privacy policy.


Part I Information Security for SMEs

Chapter 1 - The Role of Information
This chapter covers:

  • information as a valuable business asset
  • the role of information in business operations
  • the risks to which information is often exposed

Chapter 2 - Information Security
This chapter covers:

  • how to identify, assess, and avoid/mitigate risks to your organization
  • the benefits of employee education for risk identification and incident management
  • how to identify your confidentiality, integrity, and availability requirements
  • how to match the risk with effective security controls by combining people, processes, and technology

Chapter 3 - Security Planning: Plan to Work Securely
This chapter covers:

  • managing organizational risks
  • the four ways to address risk: avoidance, reduction, transfer and acceptance
  • creating and managing policies and procedures
  • applying data classification techniques
  • managing your human resources securely
  • managing your third-party relationships securely

It discusses security at the organizational level, including:

  • planning incident management
  • organizational policies
  • human resources security
  • data classification

Chapter 4 - Security Management: How to Stay Secure
This chapter covers:

  • managing IT assets
  • identifying physical and environmental hazards
  • managing access control
  • monitoring service levels
  • securely disposing of sensitive data

Chapter 5 - Internet and Communications
This chapter covers:

  • reducing the risks faced by your corporate website
  • working with host providers
  • transferring files securely
  • using e-mail and instant messaging systems securely
  • containing the risks associated with file-sharing technology

Chapter 6 - Wireless Communications, Mobile Devices, and Remote-access Security
This chapter covers:

  • the differences between wireless security methods
  • how to keep mobile computer equipment safe and secure
  • how to connect remotely and communicate securely
  • how to manage the risks associated with USB storage devices

Chapter 7 - Data Backup and Restoration
This chapter covers:

  • identifying threats that impact your services
  • developing a plan to prepare for IT-related disasters
  • retaining data to prepare for a business-disrupting disaster
  • managing an incident

Part II Information Privacy for SMEs

Chapter 8 - Privacy Fundamentals
This chapter covers:

  • creating a privacy policy
  • adopting a privacy strategy
  • staying on top of current legislation

Chapter 9 - Assessing Your Privacy Risk
This chapter covers:

  • collecting and storing personal information
  • handling access requests
  • managing privacy challenges

Chapter 10 - Educating Employees About Privacy
This chapter covers:

  • what your employees need to know about securing personal information
  • how you can create a customized training presentation for your staff
  • what your company should include in its Code of Conduct signoff regarding privacy

Chapter 11 - Handling a Privacy Breach
This chapter covers:

  • the impact of privacy breaches
  • the sources of privacy breaches
  • prevention strategies

Part III Privacy and Security Risks

Chapter 12 - Risks by Process Area
This chapter covers:

  • addressing risks specific to individual business areas or departments
  • managing marketing-related risks
  • assessing your own exposure to risk in these areas

Part IV Guidance and Accountability

Chapter 13 - Standards and Legislation
This chapter covers:

  • the different laws that affect your practices
  • standards used in your industry
  • how to build standards into your risk management practices
  • how to work with auditors and consultants

Published by The Canadian Institute of Chartered Accountants, The Canadian Privacy and Data Security Toolkit for Small and Medium Enterprises can be purchased online at [1].