Blog

As Bill C-27, the Digital Charter Implementation Act, advances through Parliament, nonprofits and businesses across Canada must prepare for significant changes in how they collect, manage, and secure personal data. This legislation, which includes the Consumer Privacy Protection Act (CPPA), is designed to modernize Canada’s privacy framework and align with global standards. At Razzberry’s Tech Services Inc., we understand how overwhelming it can be to navigate these new regulations. Whether you’re running a nonprofit or a business, here are the steps you should take to stay compliant and avoid potential penalties. 1. Conduct a Comprehensive Data Collection Audit A critical aspect of Bill C-27 is its focus on transparency and accountability in data collection. Under this new law, organizations must clearly communicate what data they collect, why they collect it, and how it will be used. For nonprofits, which often handle sensitive donor information, it’s essential to audit all the data being collected. Businesses that gather customer data for marketing or operational purposes must also ensure they have user consent and a legitimate reason for collecting and storing the information. The era of collecting data without a clear purpose is over. Action Step: Conduct a full audit of your data collection processes. At Razzberry’s Tech Services Inc., we can help review your privacy policies, online forms, and terms of service to ensure compliance. Document user consent and update your privacy policies as needed. You can also refer to the Government of Canada’s Digital Charter for further guidance on best practices. 2. Strengthen Data Security Measures Bill C-27 emphasizes the need for securing personal data. With cyber threats on the rise, organizations must take proactive steps to protect the data they collect. Whether you’re running a nonprofit that stores sensitive beneficiary data or a business with a customer database, security is crucial. For nonprofits, this may mean investing in better security tools or partnering with third-party services to protect data. Businesses, particularly those involved in e-commerce or storing financial data, should ensure their security infrastructure is robust enough to prevent breaches. Action Step: Start with a security audit. At Razzberry’s Tech Services Inc., we offer cybersecurity services and security audits to ensure your data is secure. Implement data encryption, firewalls, secure servers, and backups to mitigate risks. You can also check the Canadian Centre for Cyber Security for resources on improving your organization’s cybersecurity. 3. Develop a Privacy Management Program Bill C-27 mandates that organizations establish a formal privacy management program. This program must address how personal data is collected, stored, and deleted, and include processes for handling privacy complaints, responding to data breaches, and maintaining compliance with privacy laws. Nonprofits, even those with limited resources, cannot afford to ignore this. A structured privacy management program will ensure your organization stays compliant. Businesses, particularly those with large amounts of customer data, should ensure they have the necessary resources to manage privacy properly. Action Step: Establish a privacy management program. At Razzberry’s Tech Services Inc., we can help you create a privacy management framework that meets the requirements of Bill C-27. For more detailed guidance, refer to the Office of the Privacy Commissioner of Canada. 4. Increase Accountability and Documentation Accountability is a key theme in Bill C-27. Nonprofits and businesses will be held to higher standards when it comes to handling personal data, and non-compliance could result in steep penalties. Organizations that mishandle data or fail to be transparent about its usage can face significant fines. Maintaining thorough documentation of your data practices is crucial. Nonprofits need to be especially vigilant since they often handle sensitive personal data. Businesses must also ensure they can demonstrate compliance at all times. Action Step: Create a compliance checklist and document your data practices. At Razzberry’s Tech Services Inc., we offer IT assessments and security audits to help identify gaps in your data practices. Keep thorough records of consent forms, data handling procedures, and security measures to protect your organization. 5. Prepare for New Enforcement and Penalties Bill C-27 introduces tougher enforcement mechanisms, and organizations that fail to comply could face significant penalties. The CPPA empowers the Office of the Privacy Commissioner to issue fines, which could reach up to 5% of global revenue or $25 million, whichever is higher. Nonprofits are not exempt from these fines, so it’s crucial to take compliance seriously. Action Step: Ensure your organization is prepared for increased oversight. At Razzberry’s Tech Services Inc., we can help you stay updated on Bill C-27 and implement necessary compliance measures. For updates on the bill’s legislative process, you can visit the Government of Canada’s legislative page. Conclusion Bill C-27 represents a significant shift in how nonprofits and businesses in Canada must handle personal data. To avoid penalties and ensure compliance, organizations need to take proactive steps now. By auditing your data collection practices, strengthening your security, developing a privacy management program, and ensuring accountability, your organization will be well-positioned for the future. If you need help navigating these new regulations, contact us at Razzberry’s Tech Services Inc., and we’ll assist you in preparing for the changes ahead.

In today’s digital world, cybersecurity is crucial for small businesses and nonprofits. While large corporations often make headlines for data breaches and hacking incidents, smaller organizations are not immune to these threats. In fact, small businesses and nonprofits are frequently targeted by cybercriminals because they typically have fewer defenses in place. This makes implementing solid cybersecurity practices essential for protecting sensitive data and maintaining trust with stakeholders. Why Cybersecurity is Important for Small Businesses and Nonprofits Small businesses and nonprofits often handle a range of sensitive information, such as customer data, financial records, and even health-related details. For nonprofits, donor information is particularly valuable, as it includes contact details and sometimes payment information. If this data falls into the wrong hands, it can lead to identity theft, financial losses, and a significant decline in public trust. Small businesses also face a unique set of challenges when it comes to cybersecurity. Many are not able to invest in dedicated IT staff, making it difficult to monitor and manage security risks effectively. A single cyber-attack can disrupt operations, result in costly damages, and even lead to permanent business closure. Therefore, understanding and implementing basic cybersecurity strategies is critical for any small business or nonprofit organization. Common Cyber Threats Targeting Small Businesses and Nonprofits To better protect your organization, it’s important to understand the most common cyber threats targeting small businesses and nonprofits. These include: Phishing Attacks Phishing is the most common form of cyber-attack, where hackers send deceptive emails that appear legitimate, aiming to trick recipients into revealing confidential information. Ransomware Ransomware involves malicious software that locks users out of their systems until a ransom is paid. Small businesses and nonprofits are common targets because they may not have the resources to implement advanced security measures. Malware Malware includes any type of malicious software designed to harm or exploit a device. It can enter systems through suspicious downloads, infected websites, or compromised emails. Data Breaches A data breach occurs when unauthorized individuals gain access to sensitive information. For nonprofits, a data breach can compromise donor data, while small businesses might see customer or employee information stolen. Insider Threats Insider threats come from employees, volunteers, or contractors who have access to the organization’s data. This can be unintentional, such as falling for a phishing email, or malicious, such as intentionally leaking information. Best Practices for Cybersecurity in Small Businesses and Nonprofits Even with limited budgets and resources, small businesses and nonprofits can take steps to strengthen their cybersecurity. Implementing the following best practices can help minimize the risk of cyber-attacks: Create a Cybersecurity Policy Develop a cybersecurity policy that outlines rules for handling data, using devices, and responding to potential threats. Ensure that all employees and volunteers are familiar with the policy and understand their responsibilities. Use Strong Passwords and Enable Multi-Factor Authentication (MFA) Encourage staff to use unique, strong passwords that include a mix of letters, numbers, and special characters. Implementing MFA adds an extra layer of security by requiring users to verify their identity using a second factor. Regularly Update Software Outdated software is a common entry point for cyber-attacks. Make sure all systems, including operating systems, antivirus software, and applications, are regularly updated to close security gaps. Back Up Important Data Regularly back up critical data and store it securely, either offsite or in the cloud. This ensures that you can quickly restore your systems if a ransomware attack occurs. Provide Ongoing Training for Staff and Volunteers Educate your team on the latest cyber threats, such as phishing, and provide guidelines on how to recognize and respond to suspicious activity. Training should be ongoing to keep everyone up-to-date. Limit Access to Sensitive Information Implement role-based access controls to ensure that only authorized personnel have access to sensitive data. This reduces the risk of insider threats and accidental data leaks. Use Antivirus and Firewall Solutions Install antivirus and firewall software to protect against malware and other forms of attacks. These solutions should be configured to automatically detect and block potential threats. Building a Culture of Cybersecurity For small businesses and nonprofits, building a culture of cybersecurity is just as important as implementing technical solutions. Leaders should emphasize the importance of protecting sensitive data and make cybersecurity a core component of the organization’s mission. Consider the following steps to foster a cybersecurity-aware environment: Communicate the Importance of Cybersecurity Regularly discuss cybersecurity during staff meetings and provide updates on new threats or changes in policy. Make it clear that everyone has a role to play in keeping the organization secure. Encourage Safe Reporting Create a safe environment for employees and volunteers to report suspicious activity without fear of punishment. Early reporting can help identify and address issues before they escalate. Integrate Cybersecurity into Daily Operations Incorporate cybersecurity practices into everyday tasks, such as verifying the source of emails before opening attachments or ensuring that sensitive data is encrypted before sharing. Outsourcing Cybersecurity Services For many small businesses and nonprofits, outsourcing cybersecurity services can be an effective solution. Managed service providers (MSPs) offer a range of services, such as network monitoring, data backup, and incident response, that can strengthen security without the need for in-house expertise. By outsourcing these functions, small businesses and nonprofits can benefit from professional support at a fraction of the cost of hiring dedicated IT staff. Conclusion Cybersecurity is a crucial aspect of operating any small business or nonprofit. Although it might seem overwhelming, starting with basic practices such as using strong passwords, regularly updating software, and providing training can make a significant difference. Small businesses and nonprofits must remain vigilant and proactive in protecting their digital assets to maintain trust and ensure their long-term success. By taking the right steps, these organizations can build a strong cybersecurity foundation that protects both their mission and the people they serve.

In a world that’s becoming increasingly reliant on technology, digital literacy has never been more important. From online banking to virtual health consultations, understanding how to navigate the digital landscape is essential for everyday life. Yet, many people still lack the basic digital skills they need to stay connected and safe online. At Razzberry’s Tech Services Inc., we recognize this challenge and are committed to empowering communities through our digital literacy programs. Here’s why digital literacy matters and what we’re doing to make a difference. Why Digital Literacy is a Key to Success: Digital literacy is more than just knowing how to use a computer or send an email. It’s about having the confidence and knowledge to access and utilize online resources, communicate effectively, and protect oneself from cyber threats. Here’s how digital literacy benefits individuals and communities: Enhances Employment Opportunities: In today’s job market, digital skills are crucial. Being digitally literate opens doors to new career opportunities and makes job searching more accessible. Improves Access to Services: Whether it’s booking a medical appointment, applying for government assistance, or accessing educational resources, many services are now only available online. Promotes Social Inclusion: Digital skills allow people to stay connected with family, friends, and the community, reducing feelings of isolation and loneliness. Protects Against Cyber Threats: With the rise of cybercrime, understanding how to recognize and avoid online scams is essential for protecting personal information. Our Digital Literacy Programs: At Razzberry’s Tech Services Inc., we believe that everyone should have the opportunity to build digital skills, regardless of their age, income, or background. That’s why we offer a range of digital literacy programs tailored to meet the needs of the communities we serve. Introductory Workshops for Seniors: Designed specifically for older adults, these workshops cover the basics of using a computer, navigating the internet, and staying safe online. We aim to demystify technology and make it approachable and accessible for seniors. Digital Skills for Job Seekers: This program focuses on helping individuals develop the tech skills needed to enter or re-enter the workforce. From creating resumes to mastering online job applications, we provide hands-on support and guidance. Cybersecurity Awareness Training: With cyber threats on the rise, we offer training sessions on how to recognize phishing emails, secure personal data, and use the internet safely. Customized Programs for Non-Profits and Small Businesses: Understanding that every organization has unique needs, we also offer tailored training for non-profits and small businesses to help them maximize their use of digital tools and platforms. Get Involved: Help Us Promote Digital Literacy! Our digital literacy programs are fueled by the support of passionate volunteers and generous donors. Here’s how you can get involved: Volunteer as a Trainer: Share your tech skills by volunteering to lead a workshop or provide one-on-one support. Donate Technology: Have an old laptop or tablet? Consider donating it to help us provide resources to those in need. Sponsor a Workshop: Your sponsorship can fund a workshop for a group of seniors or job seekers, giving them the tools they need to succeed. Final Thoughts: Digital literacy is about more than just technology—it’s about empowerment. By equipping individuals with the skills to navigate the digital world, we’re helping them unlock new opportunities, stay connected, and feel confident in their abilities. At Razzberry’s Tech Services Inc., we’re proud to be part of this journey and invite you to join us in making a difference. Interested in joining our efforts to promote digital literacy? Contact us today to learn more about our programs and how you can get involved. Visit razzberrys.ca to get started!

In recent years, privacy and data protection have become major concerns globally, especially in light of numerous data breaches and increasing cyber threats. Canada is no exception, and its government has been actively working on new legislation to modernize its data protection laws. The Canadian Consumer Privacy Protection Act (CPPA) is at the heart of this effort. In this blog post, we’ll explore the current status of the CPPA, its potential repercussions for businesses and individuals, and its implications for cybersecurity. What is the CPPA? The Canadian Consumer Privacy Protection Act (CPPA) is a proposed piece of legislation intended to replace the outdated Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA has been the primary federal privacy law in Canada since 2000, governing how businesses collect, use, and disclose personal information in the course of commercial activities. However, with rapid technological advancements and changing global privacy norms, PIPEDA has increasingly been seen as insufficient to protect Canadians’ privacy rights in the digital age. The CPPA is part of Bill C-27, the Digital Charter Implementation Act, 2022. This legislation aims to bring Canadian privacy laws in line with international standards, such as the European Union’s General Data Protection Regulation (GDPR). The CPPA focuses on strengthening the privacy rights of individuals, increasing transparency and accountability requirements for organizations, and enhancing the powers of the Office of the Privacy Commissioner of Canada. Current Status of the CPPA As of September 2024, the CPPA is still a proposed bill under consideration in the Canadian Parliament. Introduced in June 2022, the bill has gone through several readings and discussions. While it has gained support from privacy advocates and some industry groups, concerns have also been raised about its potential impact on businesses, especially small and medium-sized enterprises (SMEs). The legislative process has involved several rounds of debate and committee hearings, where stakeholders from various sectors have provided input. Despite delays and amendments, the CPPA is expected to pass in the near future, given the growing consensus on the need for stronger privacy protection measures in Canada. Repercussions of the CPPA The CPPA, if enacted, will have far-reaching consequences for businesses, consumers, and regulators in Canada. Here are some of the key repercussions: Stricter Consent Requirements: The CPPA introduces more stringent requirements for obtaining valid consent from individuals before collecting, using, or disclosing their personal information. Businesses will need to ensure that their privacy policies and consent mechanisms are clear, concise, and easily understandable. This could mean revising existing practices and implementing new procedures to comply with the law. Increased Accountability and Transparency: Organizations will be required to demonstrate greater accountability in how they handle personal information. This includes maintaining records of data processing activities, conducting privacy impact assessments, and appointing a Privacy Officer. The CPPA also mandates that organizations provide more transparent information to consumers about their data practices, which could increase administrative costs and compliance efforts. Higher Penalties for Non-Compliance: One of the most significant changes under the CPPA is the introduction of much steeper penalties for non-compliance. Organizations that violate the law could face fines of up to 5% of their global revenue or $25 million CAD, whichever is higher. This is a substantial increase from the maximum penalties under PIPEDA, which were capped at $100,000 CAD. Enhanced Rights for Individuals: The CPPA provides individuals with new rights, such as the right to data portability, the right to request deletion of their data, and the right to withdraw consent. These changes empower consumers but also require businesses to adapt their processes and technologies to facilitate these rights. Broader Regulatory Powers: The CPPA grants the Office of the Privacy Commissioner of Canada more robust enforcement powers, including the ability to conduct audits, issue binding orders, and recommend penalties. This means businesses may face more frequent scrutiny and regulatory oversight. Cybersecurity Implications of the CPPA The CPPA’s focus on privacy and data protection also has significant cybersecurity implications. Organizations will need to reassess their cybersecurity strategies to ensure compliance with the new legal framework. Here are some of the key cybersecurity considerations: Stronger Data Protection Measures: To comply with the CPPA, businesses must implement stronger data protection measures, including encryption, access controls, and regular security assessments. Cybersecurity will no longer be just a best practice but a legal requirement to safeguard personal data against unauthorized access, theft, and breaches. Incident Response and Breach Reporting: The CPPA emphasizes the importance of timely breach notification. Organizations will be required to report any breaches of personal information that pose a risk of significant harm to individuals to both the Privacy Commissioner and affected individuals. This will necessitate robust incident response plans and continuous monitoring to quickly detect and respond to potential breaches. Vendor and Third-Party Management: Under the CPPA, organizations will be held accountable for the data handling practices of their third-party vendors. Businesses will need to conduct thorough due diligence when selecting vendors and establish clear contracts and data protection agreements. This extends cybersecurity responsibilities beyond internal systems to the entire supply chain. Cybersecurity Training and Awareness: As part of their accountability measures, organizations will need to provide regular cybersecurity training to employees and stakeholders. This will help ensure that everyone understands their role in protecting personal information and complies with the CPPA’s requirements. Data Minimization and Secure Disposal: The CPPA promotes the principles of data minimization and secure disposal. Businesses will need to evaluate their data collection practices and retain only the data necessary for their operations. Additionally, secure disposal mechanisms must be in place to ensure that data is permanently erased when it is no longer needed. Conclusion The Canadian Consumer Privacy Protection Act (CPPA) represents a significant shift in the privacy landscape in Canada. While it brings numerous benefits, such as enhanced privacy rights for individuals and increased accountability for businesses, it also presents challenges, particularly concerning compliance and cybersecurity. Organizations must proactively prepare for these changes by updating their privacy policies, implementing stronger data protection measures, and fostering a culture of

Cory Dibowski was born in London, Ontario, two months ahead of schedule. Despite a challenging start, Cory gradually thrived under the care of his family. His early years were spent in Woodstock, living with his mom and sister before moving to St. Thomas, Ontario, where he spent most of his formative years.

Ashley Newton was born in Halifax, Nova Scotia, where she developed a passion for cheerleading from a young age. In 2008, her mother met a military man, and a few years later, they relocated to London, Ontario, to start a new chapter together. In 2013, her mother married this man, and Ashley embraced her new dad with open arms.

To get ahold of John you can email him at jarmand@razzberrys.ca