The Digital Governance Standards Institute (DGSI) is undergoing its periodic maintenance review of the national standard of Canada called “CAN/DGSI 109-1:2022 (R2024), Privacy – Part 1: Qualification and Proficiency of Access-to-Information, Privacy, and Data Protection Professionals.”
The DGSI urged members of the public and stakeholders – including industry leaders, government representatives, policymakers, certification bodies, and privacy, HR, and legal professionals – to share their insights by the June 25 deadline.
The national standard sets the minimum qualifications and core competencies for Canada’s privacy professionals and seeks to ensure that these professionals remain proficient in their fields, the DGSI’s article said. The standard aims to support organizations developing the relevant training and certification programs, the article said.
The standard covers various areas pertinent to privacy professionals, including privacy laws, data protection practices, information privacy, information governance, access to information, and privacy education and awareness, the DGSI said. It is relevant to public, private, and nonprofit organizations alike and all sectors of the economy, the DGSI added.
The review process may lead to a revision, reaffirmation, a new edition, or a withdrawal of the standard, the DGSI said in its article. The review thus directly affects professional qualifications relating to privacy and data protection, the article said.
The DGSI said its review covers core competencies, training requirements, privacy and access-to-information knowledge, risk management and compliance oversight, certification and accreditation processes, and ethical and legal responsibilities.
The DGSI explained that its review seeks to ensure that the standard abides by the current regulations, threats, and best practices so that privacy professionals can meet the present data governance challenges.
According to the DGSI’s article, the review specifically aims to:
- ensure privacy professionals have the knowledge, skills, and certifications that they need
- strengthen the qualifications for compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA), freedom of information (FOI), and global data protection laws
- improve competencies in connection with privacy impact assessments, security policies, and governance frameworks
- look at the requirements for training programs and professional credentials
- update the guidance on data ethics, confidentiality, and accountability
The DGSI stressed that data is a valuable commodity in the digital economy amid evolving privacy laws and growing data protection.
The DGSI added that organizations need competent privacy professionals who deeply understand technology, privacy, access to information, data protection, and the best practices and laws involved so that they can navigate the applicable legal requirements, address risks, and respect individual rights.