
CARL ROBILLARD, CPA, M. SC.
Partner, Digital Transformation and Efficiency Advisor, Strateg-TI Consulting
Holder of the CPA title and a Master's degree in Management (M. Sc.) from HEC, he has been involved in IT solution deployments since 1998. Now a certified auditor-accompanying officer for various government programs and audits, he helps determine the level of digital maturity of organizations and proposes adapted (and realistic!) roadmaps.
He acquired diverse experience as a solutions deployment consultant, manager and even chairman of a board of directors. In these various roles, he contributed to more than 250 mandates and also had the chance to implement solutions in several types of industries and in organizations of different sizes.
His goal is to enable employees to be more efficient through technology so they can spend time with their loved ones instead of working overtime. That's his real motivation.
The Commission d'accès à l'information du Québec is responsible for enforcing the new legislation, which also gives it increased powers to monitor and enforce the law, including imposing fines for non-compliance. It is now clear that organizations can no longer neglect to implement best practices in data governance and to ensure the security of their data.
Where to start?
For compliance with Law 25, your CPA is one of the experts who could direct you to the right resources.
Alongside legal requirements, information security concepts are also becoming increasingly important. Indeed, the continuity of your business and your reputation depend on them.
If you're not already comfortable with the essential aspects of maintaining the confidentiality, integrity, compliance, and availability of information within your organization, here's a quick overview of each element.
Educate and train staff: It all starts with humans, because in 2023, they are still the source of the vast majority of security breaches. It is essential to raise awareness among your staff about the importance of data security by providing them with regular training on best practices in data protection. All employees must be able to identify potential threats, such as phishing attempts.
Technical security: Firewalls, antivirus, intrusion detection solutions and other security tools help protect your IT infrastructure against several types of attacks.
Data Governance: Establish clear policies on data management by defining responsibilities, rules for access, sharing, storage and destruction of information. Ensure that these policies are updated regularly and remain in line with the regulations that apply to you.
Encrypt sensitive data: Encryption ensures that only authorized people can access the data. These encryption mechanisms make your sensitive data “invisible” to anyone who does not have the key to decrypt it.
Access and Permission Management: Each user should have only the access and permissions needed to perform their tasks. Implement a strong authentication system with a combination of strong passwords, two-factor authentication, and identity and access management.
Perform regular backups: Implement data backup policies and regularly test that backups can actually be restored. This is your last line of defense against permanent data loss in the event of a glitch or major disaster.
Managing your data security is an iterative process that is constantly evolving. Conduct regular posture assessments, such as internal audits or penetration tests, to identify potential vulnerabilities and, most importantly, address any gaps.
Data security is everyone's business!
Governance, data security and legislation
2023-07-18
CARL ROBILLARD
5 minutes

When it comes to data security, threats are multiplying and horror stories are making the news: data leaks, breaches of confidentiality, file systems taken hostage by cryptolockers... Managers no longer know where to turn and must now deal with Bill 25, which is now in force. While the pandemic has profoundly changed the world of work, Bill 25 has a major impact on how personal information should be handled within organizations, or more simply, on the governance of your data.
This law is not entirely new. It mainly modernizes and updates legislative provisions already in place in Quebec. It aims to strengthen the rights of individuals in terms of the protection of personal information. Key points include:
* Introduction of a right to data portability, which allows individuals, on request, to retrieve the personal information an organization holds about them.
* The law establishes the concept of informed consent for the collection, use and disclosure of personal information. In practice, organizations must obtain explicit consent from individuals before processing their data, except in certain specific and clearly defined circumstances.
* Companies are now required to implement appropriate security measures to protect data, and most importantly, to notify security breaches within the prescribed time limits and to keep a record of activities.
* Organizations must establish and publish their policies and practices for the management of personal information. They have an obligation to designate a person responsible for the protection of personal information within the organization.