Get a Head Start and Gain a Competitive Advantage: Privacy by Design for Small Business


Commissioner Ann Cavoukian and Eduard Goodman, Chief Privacy Officer, IDT911, outline the basics for mitigating privacy risks

As a small business becomes more networked and data-intensive, personal information and customer trust are critical assets that must be protected. Ontario’s Information and Privacy Commissioner, Dr. Ann Cavoukian, and Eduard Goodman, Chief Privacy Officer of IDT911, today released a new white paper, Privacy Exposures and Risk Reduction Strategies for Small Organizations, to help small businesses avoid data breaches that are both costly and harmful to brand reputation.

Privacy policies and procedures alone, without a concrete strategy for implementation, will not protect an organization from privacy risks. Applying the basic concepts of Privacy by Design in a small enterprise setting is essential to avoiding the pitfalls of harmful data leaks. The new paper takes those proven concepts and incorporates them into the following seven steps that organizations should consider adopting:

1.    Implement a privacy policy that reflects the privacy needs and risks of the organization. Consider conducting an effective Privacy Impact Assessment.
2.    Link each requirement within the policy to a concrete, actionable item, such as an operational process, controls and/or procedures, in effect translating each policy item into a specific practice that must be executed.
3.    Demonstrate how each practice item will actually be implemented.
4.    Develop and conduct privacy education and awareness training programs to ensure that all employees understand the policies/practices required, as well as the obligations they impose.
5.    Designate a central “go to” person for privacy-related queries within the organization.
6.    Verify both employee and organizational execution of privacy policies and operational processes and procedures.
7.    Proactively prepare for a potential privacy breach by establishing a data breach protocol to effectively manage a breach.

“Small organizations that follow the guidance set out in this paper can achieve much higher operating efficiencies,” said Commissioner Cavoukian. “Instead of risking the enormous cost of a privacy breach, organizations that proactively take measures to prevent breaches make a cost-effective investment – leading to a substantial privacy payoff.”

“The headlines focus on privacy breaches at large corporations, but the reality is that small organizations are equally—if not more—vulnerable to privacy risks,” said Eduard Goodman, chief privacy officer for IDT911. “This paper outlines a sound approach to privacy management for smaller organizations that may lack the resources and expertise to reduce security risks.”

The full paper is available for review here.

About the IPC
The Information and Privacy Commissioner is appointed by, and reports to, the Ontario Legislative Assembly, and is independent of the government of the day. The Commissioner's mandate includes overseeing the access and privacy provisions of the Freedom of Information and Protection of Privacy Act and the Municipal Freedom of Information and Protection of Privacy Act, as well as the Personal Health Information Protection Act, which applies to both public and private sector health information custodians. The Commissioner's mandate also includes helping to educate the public about access and privacy issues.

About IDT911
Founded in 2003, IDT911 is North America’s premier consultative provider of identity and data risk management, resolution and education services. The company serves over 17.5 million households across North America and provides fraud solutions for a range of organizations, including Fortune 500 companies, North America’s largest insurance companies, corporate benefit providers, banks and credit unions and membership organizations. Since 2005, the company has helped more than 600,000 businesses manage their risk of data breaches. IDT911 is the proud recipient of several awards, including the Stevie Award for Sales and Customer Service and the Parent Tested, Parent Approved award for social networking monitoring tool SocialScout. For more information, please visit, and

Contact Author

Kelly Santos

Trell Huether