Geek looking at data

Environics Analytics Achieves ISO 31700-1 Privacy by Design Certification, Reinforcing Commitment to Data Protection

Nov 2, 2023, 10:58 AM by Environics Analytics

EA is proudly one of the first organizations in the world to receive this new certification awarded by MSECB

Toronto, November 2, 2023 –Environics Analytics (EA), Canada’s leading marketing and analytics services provider, today announced it has received the new ISO 31700-1 Privacy by Design certification awarded by MSECB, demonstrating EA’s dedication to safeguarding privacy while helping Canadian businesses be data-driven. This certification will assure clients and partners that EA products meet regulations and standards and are built with industry best practices, all of which are critical in an era of new regulatory safeguards and populations concerned about use of their data.

EA obtained the ISO certification by demonstrating that privacy controls are embedded into product development, modelling and analytics methods and practices following seven foundational principles – proactive, not reactive; privacy as the default setting; privacy embedded into design; full functionality; end-to-end security; visibility and transparency; and respect for privacy of data owners.

EA advanced its privacy program by partnering with KPMG to assess EA’s Big Data and Small Data product development, modeling and analytics. In addition, Replica Analytics was engaged to perform a third-party expert assessment of re-identification risk. These assessments resulted in implementing the use of synthetic data, various statistical modeling techniques, as well as enhanced transparency, consent, necessity and proportionality principles.

“We are thrilled to be one of the first companies in the world to have achieved the new ISO Privacy by Design certification,” says Jan Kestle, President of Environics Analytics. “Privacy is fundamental to our work, and this certification is an important next step as we evolve the policies and processes that we’ve built over the past 20 years. Privacy-enhancing technologies, staff training and governance layers that we have built for our internal processes are also applied to our clean room technologies that help organizations collaborate without sharing data.”

Key highlights of EA’s Privacy by Design certification include:

  • Data protection throughout the product lifecycle: EA has implemented robust data protection measures at every stage of product development, from conception to retirement, within a culture promoting data security.
  • Privacy management program: EA’s on-going privacy program features fair information principles, including accountability and transparency. In addition, annual independent audits and certifications – including but not limited to ISO 31700-1 – ensure that there is external review of our adherence to industry standards.
  • Employee training: EA has invested in comprehensive employee training programs to raise awareness about privacy and data protection, ensuring all employees understand their role in respecting the privacy of data providers.
  • Privacy impact assessments: EA conducts regular privacy impact assessments to identify and mitigate potential privacy risks associated with its products and services.
  • Privacy-enhancing technologies (PET): EA uses industry-leading PET methods, including data minimization, abstraction, estimation, synthetic simulation and anonymization in conjunction with a risk quantification and compliance threshold testing paradigm.
  • Continuous improvement: EA is committed to improving its privacy practices and will regularly review and enhance its privacy policies and procedures.
  • Comprehensive governance framework: EA employs a structured set of guidelines, processes, policies and practices to ensure its operations and decision-making align with strategic objectives, legal obligations and ethical standards.
  • Data quality: EA emphasizes data accuracy, ensuring data are consistent and complete to avoid biased analysis. Data validation and expert cleansing processes are also fundamental steps.

Privacy as a Core Principle – In Policy and Practice

A comprehensive and integrated approach to privacy yields benefits, as it considers a wide array of contextual factors. These factors include the client’s intentions and objectives when using EA’s products. When data are used responsibly, people’s lives improve – socially and economically. By adhering to the rigorous ISO 31700-1 standard, EA can provide assurances that its data are of high quality and that privacy is ingrained in everything EA does.


Contact: James Smith

Chief Compliance, Risk and Privacy Officer



Back to top