Jan 28, 2021, 08:32 AM by Jan Kestle, Founder, President and CEO of Environics Analytics

 

On this International Data Privacy Day 2021, I want to emphasize the continued priority we place on data privacy and security in all aspects of our work. This past year has been dominated by news of the pandemic and its impact — economically and socially — as organizations struggle to maintain a degree of normalcy and business continuity. As we continue to adapt to this ‘normal’, our commitment to data privacy and security remains unchanged and we continue to explore opportunities, both internally and externally, to improve our policies and processes. 

The Canadian government is also active in this area with the ongoing pursuit of regulatory changes to the federal Personal Information Protection and Electronic Documents Act (PIPEDA), now to be renamed the Consumer Privacy Protection Act or CPPA. It is therefore incumbent on all stakeholders — government, businesses, not-for-profits and consumers — to be part of the dialogue ensuring that the appropriate guardrails are in place to protect consumer privacy while enabling organizations to use data responsibly and securely.

Upstanding Privacy and Security Standards

As a dynamic, data-centric business focused on making peoples’ lives better and our clients more successful, we are fully committed to executing beyond basic compliance requirements. Clients expect the highest privacy and security standards from us, which is why we continue to invest in privacy controls, security tools, risk measurement and annual audits. 

In the interest of brevity, I have summarized below some of the actions we have taken to raise the bar in these areas. 

 

Responsible Data Use

Environics Analytics values and adheres to a comprehensive set of privacy principles that enable us to be a responsible member of the marketing and analytics community. We are committed to upholding values and principles such as: 

• Using 100% privacy compliant, anonymized data as inputs for our data product development.

• Data we process must be as accurate, complete and up-to-date as possible in order to properly satisfy the purposes for which it is to be used.

• Data that we process for any purpose are not kept longer than is reasonably necessary for that purpose.

 

Accountability 

We are responsible for all information under our control. Accountability is the first fair information principle in the federal Personal Information Protection and Electronic Documents Act (PIPEDA), and we strongly believe that this principle is the foundation to our effective corporate privacy framework.

These are the focus items: 

• Environics Analytics promotes information management practices in a manner consistent with the provisions of PIPEDA, the 10 Fair Information Principles, US Privacy Laws, as well as with the General Data Protection Regulation (GDPR) in the European Union.

• Transparency and privacy go hand in hand. Increasing transparency on how and why data are collected and how they are used benefits us in our management of data within the organization.

• Recognizing that privacy management is an evolving process, we continue to invest in 3^rd party audits for ongoing assessment and revisions to be as effective and relevant as possible.

 

Safeguards — Administrative, Physical and Technical Considerations

Whether information is sensitive (such as financial or health information) or not, all confidential information must be appropriately safeguarded and only used for the purpose(s) for which it was collected.

Environics Analytics has implemented these measures to securely manage information: 

• Embedded privacy into the design and architecture of our products and IT systems, as well as business practices to ensure privacy is an essential component of the core service and the value we deliver. 

• Personal information is not required by EA for most analytics initiatives and we actively restrict receiving personal information from clients. In those instances where personal information may be required, the data are used solely for the purpose intended and are safeguarded in client-specific firewalled locations in secured data centres. We encrypt files in transit and at rest, and limit employee access using role-based access controls. 

• A function of the EA Privacy Management program is privacy and security awareness training. All staff and subcontractors have increased awareness regarding privacy laws, policies, risk, security, data governance and associated procedures.  

 

Going Forward

Environics Analytics will pay close attention to changes to the draft legislation as it moves through Parliament. Though it remains to be seen which specific legislation will be adopted, what is clear is that Canadian privacy law is changing, as it is in the US, and we are well-positioned to implement stricter requirements.   

As an organization, our commitment to you is that we will continue to invest in privacy and data security programs to ensure that our data are managed in strict compliance with the laws and that continue to enable you, our clients, to make better data-driven decisions with confidence.

Wishing you a happy and secure International Data Privacy Day 2021.

 

Jan Kestle is the President and CEO of Environics Analytics, Canada’s leading data analytics and marketing services company. She is a member of the Canadian Statistics Advisory Council, the Board of Directors of the  Canadian Marketing Association and the Advisory Board of Ryerson University School of Geography.  

Environics Analytics is represented on the Canadian Marketing Association’s Privacy and Data Advisory, Standards Council of Canada - Canadian Data Governance Standardization Collaborative, GDPR Working Group, and the International Association of Privacy Professionals.

 

Read our Privacy Day 2020 Open Letter

Read our Privacy Policy