.png)
In a decisive step towards fortifying cybersecurity within the public sector, Ontario has introduced the Strengthening Cyber Security and Building Trust in the Public Sector Act, 2024. This proposed legislation aims to enhance the cybersecurity capabilities of vulnerable sectors such as hospitals, schools, and children’s aid societies, ensuring they are better equipped to handle modern cyber threats.
The new legislation grants the Minister of Public and Business Service Delivery the authority to lead cybersecurity efforts across select public sector entities. It includes the establishment of regulations that will mandate sector-specific requirements and obligatory cyber incident reporting to the provincial government. The intent is to improve the emergency management of cyber incidents, particularly for organizations lacking strong cybersecurity practices.
The percentage of IT budgets dedicated to cybersecurity is on the rise, reflecting a broader awareness of the need for enhanced cyber defenses. However, a previous report indicated that only 1% of organizations in Canada have achieved the necessary level of cybersecurity readiness to effectively counter contemporary threats. This legislation is a significant step in addressing this readiness gap.
Additionally, the proposed law aims to bolster the authority of the Information and Privacy Commissioner of Ontario (IPC) to investigate and respond to privacy breaches and the misuse of personal data. This includes mandatory privacy impact assessments for organizations and a clear definition of an “artificial intelligence system” to align with leading jurisdictions globally. The legislation also sets out to ensure responsible and transparent use of AI within the public sector, requiring public notification when AI systems are used and providing a channel for human review of AI decisions.
Todd McCarthy, Ontario’s Minister of Public and Business Service Delivery, emphasized the importance of these measures, stating, “This new legislation would provide the right tools to prevent and quickly respond to future cyber-attacks and privacy breaches, improve our digital delivery of services and provide a strong framework for artificial intelligence governance.”
The Council of Canadian Innovators (CCI) has expressed support for the proposed legislation. Skaidra Puodziunas, CCI director of Ontario affairs, remarked, “Both technology and policy are moving incredibly quickly in the digital economy, as society adjusts to the realities of digitized services, cybersecurity, data, and artificial intelligence. Clear rules and guardrails are essential for fostering trust in technology systems, and we are pleased to work with the government to develop these policies in partnership with industry.”
As Ontario moves forward with this legislation, it is actively engaging with the AI Expert Working Group, comprising experts from the tech industry, academia, and other sectors, to provide advice on the development of Ontario’s Trustworthy AI Framework. This collaborative approach aims to ensure the responsible use of AI within the public service.
While the government’s efforts are commendable, the onus also falls on public sector organizations to adopt robust cybersecurity measures. This is where partners like Directpath Global Technologies (DGT) can make a difference. As a Managed Security Service Provider (MSSP), DGT offers comprehensive services including MTD, XDR, VAPT, SOC2 compliance, Vulnerability Risk Management as a Service (VRMaaS), WAF, and vCISO. Our advanced Artificial Intelligence Division is equipped to tailor solutions not only for cybersecurity but for various operational needs of organizations, ensuring they stay ahead of emerging threats.
The urgency of these initiatives cannot be overstated. As society becomes increasingly digital, the risks associated with cyber threats continue to grow. Ontario’s proposed legislation is a proactive measure to safeguard public sector entities and build trust in the digital services that are integral to our daily lives. Public comments on the draft bill are being accepted through the Ontario Regulatory Registry until June 11, 2024, providing a crucial opportunity for stakeholders to contribute to this pivotal dialogue.
By embracing these advancements, we can collectively ensure that our public institutions are resilient against cyber threats and are well-prepared to protect the sensitive data and services upon which citizens depend. Source: Human Resources Director
Comments