In September, Toronto police announced a major change to their burglar alarm response policy. Specifically, they made it clear that they would no longer respond to alarms unless there was verified proof that some form of criminal activity or a threat to an individual was occurring at the time of the notification.

Up to that point, police would always send a car to any commercial or residential property where an alarm was sounded. Better to be safe than sorry, the thinking went. According to their revised guidelines, police will now only respond to an alarm if a threat can be verified by an audio or video device, there are multiple zone activations in effect—which are typical in the case of a break-and-enter with multiple burglars at the crime scene—or they have an eyewitness on the scene calling in the incident. This could include a private security guard.

Toronto police will still attend verifiable alarm calls

Why the change? Police data from 2016 show that 97 per cent of security system-related calls were false alarms. “When a panic alarm button is hit, we will absolutely attend,” a police spokesperson told media “Also, if we get evidence there has been a burglary, we will also attend that call too.” Really? It’s reassuring to know that the police will attend actual crimes. Needless to say, this new policy raises several red flags to those of us in the security field. The most obvious being that some break-ins could foreseeably go unchecked because authorities deem them to be false alarms, or because their slow response allows criminals to come and go without the risk of apprehension.

To help prevent those false alarms, police are advising home owners and commercial property managers to update key holder information, ensure regular alarm system maintenance, change alarm batteries frequently, keep alarms free of dust and debris and educate residents, tenants and employees on system operation protocols.

While the policy change is understandable—having police respond to a plethora of false alarms is, of course, a costly and inefficient use of resources—it discounts the possibility that actual crimes may be in progress, with verification coming only when it’s too late. Criminals, being a clever lot, will undoubtedly use these new rules to their advantage if they know police aren’t going to respond when a standalone alarm is sounded.

Robust security is more important than ever

Most importantly, this underscores the need to maintain 24/7 protection for commercial or residential properties. That means having an active security presence and state-of-the-art monitoring systems—or, at the very least, one of those two crucial components—in place to build out a comprehensive security strategy to protect your assets. With these new rules governing what, exactly, justifies a live police response, investing in adequate security is no longer an option for commercial property or residential property owners, and that includes condominium boards.

As such, most organizations will need to re-evaluate their current alarm systems. Is it enough, or do they now need new cameras? Do those cameras need to be monitored by a security service in order to verify alarm issues? Manufacturers, integrators, monitoring centres and the end users need to answer these questions or risk being left behind by these new requirements.

Expect traditional police duties to be increasingly outsourced

Another notable aspect of development is that it highlights an emerging trend across North America: the outsourcing of police duties to private security providers. An important line in the Toronto Police Service’s policy change was the one noting that eyewitness verification of a security breach would warrant an on-site visit from police. The fact that the eyewitness could be a security guard means that police understand—and perhaps even welcome—the involvement of private security firms.

We can expect to see an even greater willingness on the part of the authorities to accept third-party security help in the years ahead as police budgets are slashed or frozen, and resources are redirected to priority areas. The challenge for commercial property owners is that investigating issues such as potential break-ins or vandalism—although obviously well within the mandate of local police services—often take a back seat to the prevention or investigation of violent crimes or other, more serious offences.

Choosing the right security provider is key

Now, it’s important to remember that not only does your organization need security help to keep its assets and people safe, it needs to partner with the right security provider, one that takes an integrated approach and provides effective training to its staff. The trend of downloading security duties to private companies shines a spotlight on the processes and procedures that security firms develop and follow. How well trained are their staff? What are their employee retention rates? Is their HR department fronted by a proverbial revolving door as people come and go looking for a job rather than a career? The maturity and sophistication of firms across our industry is now under greater scrutiny than ever before.

So, too, are service providers’ embrace of technology. Everything from drones to patrol robots to leading-edge software and video camera systems are the kind of tools that will become increasingly important in the years ahead. Criminals are always getting smarter. They will find ways to circumvent even the most advanced electronics. Is your security provider equipped to keep pace?

In one sense the Toronto Police Service’s alarm response policy change has a silver lining. Over time, a greater reliance on reliable private security providers will help push out the fringe players from our industry whose inadequate services put clients at greater risk. Because when police won’t respond without knowing that a crime is in progress, there’s simply too much at stake to put your commercial or residential property and assets in the hands of an unprofessional security firm.

Winston Stewart, President and CEO

Wincon Security 

Ontario business owners who spent the last week celebrating the tabling of Bill 47, legislation that promises to repeal most of the controversial Bill 148 (with the implementation of the equally unpopular Pay Transparency Act also due to be delayed and revised, as well), could be forgiven for missing the enactment of another important new law. Only this one comes with significant cyber and physical security implications for organizations across industries.

The Personal Information Protection and Electronic Documents Act (PIPEDA) is new federal legislation that “applies to the collection, use or disclosure of personal information in the course of a commercial activity.” Put simply, if yours is an organization that has clients to whom it sells products or services, it falls under the Act’s jurisdiction. Exemptions exist in provinces that have privacy legislation in line with PIPEDA, but in those cases provincial laws need to be almost identical to the federal counterpart, or else the latter applies. What does this all mean? According to the Office of the Privacy Commissioner of Canada:

“Organizations covered by PIPEDA must obtain an individual’s consent when they collect, use or disclose that individual’s personal information. People have the right to access their personal information held by an organization. They also have the right to challenge its accuracy. Personal information can only be used for the purposes for which it was collected. If an organization is going to use it for another purpose, they must obtain consent again. Individuals should also be assured that their information will be protected by appropriate safeguards.”

New disclosure requirements

Perhaps most importantly, the legislation requires Canadian firms to brief customers in the event of a data breach that involves the hacking of personal information. At the same time, organizations must inform the Privacy Commission if they believe the breach carries with it “a real risk of significant harm to an individual.” The language in the new law is notably vague and unspecific. Organizations are required to have “appropriate” digital safeguards in place, even when sharing data between third-party vendors.

Penalties for non-compliance can top $100,000 per violation, so organizations are wise to be proactive and fall in line with the new rules.

PIPEDA a challenge for SMEs

Smaller businesses will likely have more difficulty complying with the law, particularly because they lack full-time IT teams or personnel to help track and protect data. Only now the financial stakes of ensuring adequate cybersecurity are significantly higher. As if the potential brand and bottom-line hit from an incident of data theft wasn’t bad enough, to add insult to injury cash-strapped companies also have to worry about Ottawa levying a steep fine when they’re at their most vulnerable.

While the new PIPEDA rules are obviously focused on the protection of data while promoting cybersecurity vigilance and protection for consumers, this is also about physical security. Why? It’s not uncommon for thieves to steal laptops or servers from an office or retail outlet, for example, then search those devices for everything from sellable business data to credit card information. Whether they actually find anything to peddle is beside the point. Because so many organizations still lack the necessary cloud- or hardware-based back up systems to protect data in case of a physical theft, losing that information to physical burglaries can be just as bad as being hacked by an online malfeasant.

An opportunity to think holistically about security

Here’s the good news: PIPEDA represents an important opportunity for organizations of all sizes and across industries to improve their security infrastructure. Without this legislative impetus, many companies would be happy to keep on carrying on, ignoring potential threats and crossing their fingers that a hacker or burglar won’t one day target their precious customer data.

It’s best to look at PIPEDA as a chance to develop a comprehensive security strategy that looks at both physical and digital security in a holistic way, analyzing potential vulnerabilities and outlining effective tools to help mitigate risk. This would also be the ideal time to consider upgrading security hardware such as monitoring and alarm systems, not to mention the crucial software that protects everything from your property’s entry points to devices such as laptops. These security components should all work in harmony and when one is insufficient, crafty criminals will be sure to take advantage to exploit weaknesses.

Is PIPEDA compliance potentially costly? Yes, but taking a proactive approach is always less expensive than trying to recover from a massive data breach. For that reason, the legislation could be just the nudge that your organization needed to stay safe and secure.

Winston Stewart, President and CEO

Wincon Security