At the end of September 2018, the U.S., Canada and Mexico struck a deal on trade and announced the framework for a new and revised NAFTA, now known as the United States-Mexico-Canada Agreement, or USMCA (or, more simply, the “new NAFTA”). The updated version of the trade agreement – which is nearly 25 years old – includes major changes on cars and new policies on labor and environmental standards, intellectual property protections, and some digital trade provisions.

The deal was signed on November 30 when US, Canadian and Mexican officials convened in Argentina for the G20 Summit. The new law is still awaiting legislative ratification in all three countries.

At the IdentityNORTH Annual Summit this past June, NAFTA was a subject of much discussion, as the new agreement includes a new chapter on digital trade. The modernized agreement affects Canada’s tech sector, as it limits requirements placed by the government on where data is stored or transferred, and extends intellectual property.

“There’s been a lot of discussion around GDPR, and the impact of that,” said David Broad, Information and Security Lead at Echoworx, at the start of a talk about the NAFTA threat to Canadian organisations.

“There’s a lot of fear, so I’ll try to dispel those myths and show that GDPR is actually an incredible opportunity right now, especially with NAFTA and what’s happening south of the border.”

Echoworx does encryption for email, offers capabilities, and operates in North America, Ireland and the UK, with customers in more than 30 countries around the world.

Broad has more than 20 years of experience in security, but noted: “I’m not a lawyer, and this isn’t legal advice.”

Recent studies show that breaches are continuing, he said, and any cybersecurity or information security professionals know that. With GDPR there are a lot of risks, and that scares people.

“People say we should probably avoid Europe. In the U.S., lots of companies are blocking European access just because they’re afraid of GDPR. It’s not that easy.”

In the U.S., all 50 states have unique laws. Europe implemented GDPR. Canada has the Personal Information Protection and Electronic Documents Act (PIPEDA). Mexico has embedded privacy and protecting information in its constitution.

They’re all based on common principles and practices. If you break it down to those key elements, it becomes a lot easier to understand.

Key concepts:

  • Collect only what you need
  • Tell people what you’re doing with it
  • Get rid of what you don’t need
  • Protect what you’ve collected
  • Manage your vendors and contractors
  • Prepare for problems and be ready
  • Tell people quickly if you have a problem
  • Privacy should be incorporated as default and by design

Doing privacy well has benefits from a global business standpoint and internally. It creates better standardization across the board and makes interoperability, security, and trust much easier to manage.

If you do privacy right and follow the guidelines then you’ll be able to do business and have more opportunities.

Leveraging the regulations as an opportunity to compete and excel, rather than a barrier, can create a competitive advantage and reinforce Canadian businesses’ commitment to privacy.

For more details on the IdentityNORTH 2018 Annual Summit sessions, including “How Bad is Bad? NAFTA’s Threat Landscape,” join our community mailing list to view the full Conference Report, produced with the support and sponsorship of 2Keys.

Miss the Annual Summit?

Join our community mailing list and receive the Conference & Post Show Report

* indicates required