New Tech, New Threats: Effectively and Safely Implementing New Technology

As technology plays an increasing role in our society, organizations should ensure they are aware of the contractual, privacy and risk mitigation best practices associated with emerging technologies.

Below are five key considerations organizations should bear in mind when implementing new technology:

  1. Contracting for digital solutions. Businesses are increasingly implementing new technologies — such as cloud computing, artificial intelligence and machine learning — in order to reduce costs, generate new revenue streams, increase customer engagement, and develop competitive advantages. In most cases, these businesses enter into agreements with technology providers for this new technology. Technology agreements for larger-scale projects and technology implementations can be complex, and need to be carefully drafted and negotiated to ensure that any new technology is implemented on time, on budget and based on desired specifications, and that any ongoing services satisfy the customer’s objectives.
  2. Reasonableness of collection. Increased use of technology can lead to over-collection or use and disclosure of personal information that is unrelated to the purposes for which the information was originally collected (e.g., technology put in place for safety purposes that is subsequently used for employee discipline purposes). Organizations should ensure they only collect personal information for reasonable purposes, which are identified to the affected individuals, and only to the extent reasonably necessary to achieve such purposes.
  3. Security and data protection. Organizations have a duty to protect the personal information they have in their custody and control. Effective and adequate security protections require three basic levels of protection: physical (e.g., locked filing cabinets and alarm systems); administrative (e.g., privacy by design, security clearances, access restrictions, staff training and contracts); and technological (e.g., passwords, secure tokens, encryption, firewalls, two-factor authentication and security patches).
  4. Retention and destruction of data. Privacy laws allow for the retention of personal information for as long as reasonably required to accomplish the purposes for which it was collected, including any legitimate legal or business purpose. Once such purposes have been fulfilled, personal information should be destroyed in a secure manner. Accordingly, organizations should ensure they have and are applying retention and destruction policies to technological data. This includes ensuring data being stored, analyzed or processed by third-party service providers (e.g., cloud computing) is also securely destroyed in accordance with appropriate retention and destruction policies.
  5. Effective cybersecurity. New technologies can contribute to cost savings, improved safety, increased efficiencies and a lower environmental impact. However, new technology can also mean new threats. In order to mitigate such threats, organizations should be vigilant with their cybersecurity regime, which should include an incident response plan, to ensure any cybersecurity breach is addressed in the most effective manner possible. To have an effective incident response plan in place, organizations should: draft it considering key elements (e.g., response team, notification procedures, documentation procures, media protocols and investigation procedures); test it (e.g., run an incident simulation and adjust the plan based on its effectiveness); establish agreements with third-party vendors in advance (e.g., public relations, investigation teams and external counsel) and review it on a regular basis.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Blake, Cassels & Graydon LLP | Attorney Advertising

Written by:

Blake, Cassels & Graydon LLP
Contact
more
less

Blake, Cassels & Graydon LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.