Data Privacy Day 2022
On International Privacy Day 2022, it is important to emphasize that the use of data and analytics makes the lives of Canadians better. Now, more than ever, we need data for effective decision making. The social and economic benefits are clear. It is equally important that data firms understand, maintain and protect the trust between individuals and the organizations they provide their information to, and provide transparency to all stakeholders.
Here is an update on how we view privacy in our work.
EA is a data, analytics and marketing services company that helps clients turn data into insight, strategy and results. To accomplish this, we commit to our clients that we will:
- implement and maintain the highest standards of privacy, controls and procedures to safely manage their data
- strive to achieve the highest degree of corporate ethical conduct
- be transparent, accountable, and responsible on our use of data
- undergo strict 3rd party audits to report on our delivery of the above
- engage and promote “data for good” purposes to help answer questions and decisions on our society, economy, policy, public health messaging and much more.
Privacy and data security is a complex subject underpinned by a combination of legislation, policies, procedures and more. We understand this and we take it very seriously. I have summarized below the actions we take.
Privacy Compliance Within the Organization
Beyond our company's adherence to established personal information protection guidelines and legislation, we understand that it is ultimately every one of our employees who deliver on our promise to use data in a transparent, compliant and ethical way.
Privacy compliance involves accountability, investment and commitment. We have implemented administrative, technical and physical security safeguards with respect to data management. EA also adheres to strict privacy principles as stated in our Privacy Policy and promotes information management practices in a manner consistent with the provisions in Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), Canadian Anti-Spam Legislation (CASL), General Data Protection Regulation (GDPR), as well as U.S. Privacy legislation such as the Gramm-Leach-Bliley Act (GLBA), and the Health Insurance Portability and Accountability Act (HIPAA). In addition, we undergo SSAE, SOC1, SOC2, HIPAA, and TRUSTE Data Collection Certification audits as well as third-party penetration and vulnerability tests on an annual basis.
Product Development
First among our privacy compliance practices are those embedded in product development: how we build the databases that thousands of users rely on everyday – PRIZM®, DemoStats, Social Values, OPTICKS, WealthScapes, MobileScapes and many more. Our databases do not use Personal Information as inputs. Instead, we use anonymized and/or aggregated data from reputable sources including governments, market research companies, data aggregators and providers of new “big data”. Our expert data scientists model the data to small area geographies such as a postal code or neighbourhood. The algorithms and workflows have been built over decades and many are proprietary to EA. These methods produce high-quality normalized and representative results that are de-identified, aggregated and have no possibility of re-identification. Every EA product goes through an industry standard Privacy Impact Assessment prior to release.
Data Governance
We have a comprehensive data governance program. The program incorporates policies and processes related to data security, storage and retention, access controls, data flows, anonymization, data quality and privacy approvals. Every operating department has a Data Steward who is responsible for training, compliance and best practice within their department. The Data Stewardship program is a forum for internal education, awareness building and communications to staff regarding support, skills, tools and methods on data management.
Making Innovation and Privacy Work Together
It is not a surprise that data analytics have played a crucial role during this pandemic. And this acceleration of data development will continue beyond the end of the pandemic. In 2022, we have helped many organizations gain more relevant insights by producing more data, faster. We are modernizing production processes, enhancing our legacy platforms and building new ones to respond to market needs. With significant investment in these projects – all part of our Futures Lab – we are embedding privacy assurance into everything we do. And we are not just ensuring adherence to current laws and regulation but embedding practices based on ethics and analytical fundamentals so that we are “skating to where the puck is going to be”. Embedding privacy into the design and architecture is an essential requirement of our core service and the value we deliver.
Going Forward
Businesses, governments and policy makers need to be able to use data to achieve goals and solve complex issues, while also protecting consumer privacy. The two can and should work together.
Data privacy and security have been, and will continue to be, of central importance in the development of our products and delivery of our services. This includes monitoring proposed legislative changes and ensuring that we are well-positioned to implement changes in requirements as needed.
If you have any questions regarding our policies and procedures, please feel free to contact me. Let’s keep the conversation going beyond International Privacy Day.
Jan Kestle is the President and CEO of Environics Analytics, Canada’s leading data analytics and marketing services company. She is a member of the Canadian Statistics Advisory Council, the Board of Directors of the Canadian Marketing Association, the Advisory Board of Western University’s Morrissette School of Entrepreneurship and the Dean’s Advisory Council for Ted Rogers School of Management at Ryerson University.
Environics Analytics is an active member of the Canadian Marketing Association’s Privacy and Data Advisory panel, the Canadian Anonymization Network (“CANON”) and the International Association of Privacy Professionals
PRIZM is a registered trademark of Claritas, LLC.