Posts

It’s not easy being royalty. Just ask the Duke and Duchess of Sussex. When Prince Harry and Meghan Markle announced in January that they’d be stepping back from their royal duties, working towards financial independence and moving to Canada—yes, Canada—the world recoiled at the upheaval shaking the usually staid House of Windsor.

With the royals in crisis over Harry’s snubbing of his monarchical calling—this despite the fact that he’s currently sixth in the line of succession and has no real chance of becoming king—the Queen struck a deal with her grandson that saw him lose several peerages and official titles in return for a life of (relative) freedom in B.C. Then came the next question: who would pay for the Sussexes’ security?

That’s a delicate topic and a political minefield that the British and Canadian governments have been attempting to tiptoe through without causing public uproar. Just last week it was announced that the RCMP would cease providing security to the couple in the coming weeks, the assumption being that they, or the British government, would now be picking up the tab.

One question I’ve been asked of late is an interesting one: What, exactly, does it take to protect a prince? And are estimates that Prince Harry’s security could cost in the millions of dollars accurate? While I don’t have any insider knowledge on the topic—and nor should we speculate on the security measures that would be undertaken to protect the Sussexes while in Canada—we can look at the tactics that would be used to protect any VIP or high-net-worth individual whose family could be vulnerable to privacy intrusions or, worse, threats to their safety.

To start that process, a private security firm that specializes in protection for high-profile individuals would be called in to conduct a comprehensive risk assessment. Verifiable threats against the family’s safety would be taken with the utmost seriousness. Security specialists would monitor inbound communications by phone or email, as well as social media activity, for hints of potential criminal threats on the horizon. They would then draft that aforementioned security strategy taking into account those potential risks and implementing tactics to proactively mitigate each one.

As part of that risk assessment, a security team would sweep the VIP’s property (once a suitable one was located, of course) to analyze any and all points of vulnerability—including by air, land and water. They would work to lock down any potential access points (the property could potentially be fenced) and highlight weaknesses. A security detail would patrol the grounds as needed.

Any VIP’s home would undoubtedly be equipped with a very high-tech camera system. This would likely include facial recognition software and would be monitored 24/7 by a security detail stationed somewhere on the property or very nearby. Non-celebrity VIPs might rely on remote monitoring instead. Every window in the home would be equipped with glass break sensors and could even be retrofitted with bullet-proof glass. In the case of the Royals, RCMP or British authorities would determine the necessity of the latter feature based on their initial security assessment.

Inside the home, officials would work to make security measures as inconspicuous and unobtrusive as possible. One common feature of luxury homes for the very wealthy or famous are panic rooms—a space where VIPs can take shelter in the event of a home invasion. The trend nowadays is moving away from dedicated panic rooms to a specific functional room in the house, such as a master bedroom, that can be locked down in an emergency. Whatever the proscribed solution, most VIP families would likely have a reinforced space with full communications—and possibly even a dedicated air supply—that could serve as a mini-fortress in the event of a threat such as a home invasion, an attack or a kidnapping attempt. The likelihood of any of those scenarios playing out is slim, but security officials don’t take chances with the safety of their high-profile charges.

Because very wealthy people tend to jet set and home-hop on a regular basis, they often have only a relatively short list of property options limited to homes with suitable security infrastructure.

A last point on the cost to protect a VIP couple, especially one as high-profile as Harry and Meghan: Initial estimates that the Sussexes’ annual security expenses are in the high six figures are likely understated. If the couple are engaged in public events while in Canada, the cost for their protection could easily climb to more than $1 million per year. Simply having round-the-clock protection involving multiple security professionals can be extraordinarily expensive, let alone the cost to secure venues at official engagements.

Living the high-net-worth or celebrity life isn’t cheap, especially when you’re two of the most famous faces on the planet. Who foots the bill for Harry and Meghan’s security while in Canada remains uncertain, but let’s all hope the Queen is picking up part of the tab—this one could get expensive.

Winston Stewart, President and CEO

Wincon Security

Millions of Canadians took to the streets this past week in a ‘strike’ to protest and raise awareness around climate change. Some retailers—in particular those espousing environmentally-conscious values and business models—even closed their stores for a day in support. It’s reasonable to assume that at least a handful of those placard-carrying, green-minded citizens are concerned about the spillover security implications of warming temperatures and rising waters, such as the mass migration of people due to extreme weather events. What they probably don’t realize is just how close to home those impacts could be. It’s a cautionary note that commercial property owners and managers would be wise to heed, as well.

Because climate change is a concern for everyone, even those in the business community whose organizations are unlikely to be directly impacted by the planet’s fast-changing weather patterns.

Consider the torrential downpour last year  that inundated much of Toronto’s downtown core. The deluge was so swift that two men became trapped in a basement elevator at their workplace.

Water flooded into the basement after they boarded the lift (which, unbeknownst to them, was out of service) and quickly rose to more than six feet. The men had only minutes to spare before the water level in the elevator cleared their heads. They were soon rescued by police who swam to the basement and used a crowbar to pry open a passage large enough for them to escape. No one was seriously injured in the incident.

Extreme weather events are the new norm

While this was an unusually dire situation—it’s not every day that someone almost drowns in an elevator—Canadians should be prepared to manage the side-effects of increasingly severe weather. In fact, political leaders are already beginning to prepare us for the potential challenges that lie ahead. As Prime Minister Justin Trudeau noted in a speech earlier this year after major flooding ravaged parts of Quebec:

“ … with climate change, we’re going to see more and more of these extreme weather events more regularly. It means we have to think about adaptation, mitigation and how we’re going to move forward together.”

That means we can expect more intense rain, snow, wind and ice than ever before. In his comments, the PM was merely echoing findings of Canada’s Changing Climate Report released earlier this year. It issued several dire warnings, including that:

“A warmer climate will intensify some weather extremes in the future. Extreme hot temperatures will become more frequent and more intense. This will increase the severity of heatwaves, and contribute to increased drought and wildfire risks. While inland flooding results from multiple factors, more intense rainfalls will increase urban flood risks. It is uncertain how warmer temperatures and smaller snow packs will combine to affect the frequency and magnitude of snowmelt-related flooding.” 

Climate change-related risks and security challenges

Unpredictable weather creates a variety of risks, legal liabilities and security exposures for organizations. While not all will be life-threatening, many will apply pressure to already strained balance sheets. Indeed, some of those risks will be more benign, yet no less costly or disruptive to manage.

We’re aware of companies that have watched helplessly as large amounts of inventory or critical IT infrastructure such as computer servers, became submerged under water in a matter of minutes as a result of historically heavy rainfalls. The ensuing business interruption cost them time, money and, in some cases, even goodwill with customers as they scrambled to recover data or deliver goods and services as promised. Others have seen their offices or manufacturing facilities damaged by high winds.

While not a realistic concern in the Greater Toronto Area, extreme heat can spark infernos that can impair regular commerce—think of the fires that raged across the Prairies in recent summers, prompting widespread evacuations in cities such as Fort McMurray.

Security’s role in addressing climate-related incidents

At some point during any climate-related incident, your security team will likely be called upon to help manage the situation. That could be to protect a damaged facility as it awaits repair and to ensure that no one enters the premises if conditions are unsafe; or to help muster employees if the issue happens to be particularly dangerous and relocation to a secure site becomes necessary. This is precisely why organizations need to be equipped with effective emergency preparedness disaster response plans.

Perhaps most importantly, they need to work with their internal security teams or third-party security providers to conduct a comprehensive assessment that analyzes absolutely every potential weather-related risk exposure. Doing so will not only help protect your bottom line and mitigate the threat of lawsuits or brand damage for a botched incident response, but could also save lives.

Employees must be trained to respond to an emergency, particularly if your business happens to be situated in an area prone to major weather events. And if not, you still need to be ready to adapt as climate patterns continue to shift. Even a seemingly pleasant heat wave—while great for patio and beach season—can put a damper on everything from morale to productivity if it’s particularly intense or sustained. Skyrocketing temperatures can quickly produce health-related challenges (think sun stroke or heat exhaustion) to which your security team might be the first to respond.

In doing so, they need to be ready to act. In fact, we all do, because climate change is an unfortunate fact of life that we’ll need to manage in the years ahead. It’s only by adapting—and taking a security-first approach—that we can proactively mitigate its many risks.

Winston Stewart, President and CEO

Wincon Security

When news broke recently that the Swedish Data Protection Authority fined a local municipality more than USD $20,000 for privacy violations, it marked the emergence of a potential new front in the struggle to balance privacy rights and security requirements.

Under the European Union’s General Data Protection Regulation (GDPR)—sweeping legislation that governs everything from website tracking to data collection practices across the 28-member European Union and European Economic Area—the use of data gathered with the help of facial recognition and biometric software is restricted and tightly controlled. Apparently a school board in Sweden didn’t get the memo and used facial recognition software to track high school student attendance over a three-week trial period intended to test out new technology.

The school board saw the tracking software as a more efficient use of teacher’s classroom time. According to media reports, attendance-conscious educators had apparently been devoting about 17,000 hours a year to keeping tabs on their pupils. The SDPA saw the matter differently and issued the significant fine, a first for Sweden.

Tech as a security tool, but to what end? 

The European Union has taken the lead in legislating to secure privacy rights and protect citizens, just as authorities in other regions have turned to cutting-edge new technology designed to enhance protection measures for the general public. In the wake of recent shootings in Toronto, for example, the city’s community housing agency has announced plans to increase video surveillance in at-risk neighbourhoods, all to help deter crime and aid police enforcement efforts. In the United Kingdom, cities such as London have long relied on street-level surveillance to maintain safety. The U.S. government has been using biometric technology, including the fingerprinting of foreign visitors, at border crossings for years.

The challenge that arises, of course, is when governments abuse these tools. China has faced widespread criticism for its use of facial recognition and data collection programs in its western provinces to track the local Uyghur community. In other parts of the country, Beijing actively uses technology to help silence or monitor anti-government voices. Many liken the tactics to an Orwellian invasion of privacy, an effort to enforce government-sanctioned values on an unassuming populace.

If a school board in Sweden uses facial recognition technology to track students, some argue, it’s not far-fetched to expect a more widespread application of that software across society. In the hands of a trusted few there isn’t much concern. But what happens if those individuals can no longer be trusted?

Legal systems adapting to new technology 

The reality is the use of technology as a protective tool is hardly novel and, in most cases, isn’t nearly as sinister as some may contend. The big question, as with the example from Sweden, is to what degree governments will tolerate its use. Authorities in Canada are beginning to weigh in on the safety and security vs. privacy debate.

In Ontario, for example, a labour arbitrator recently ruled in Teamsters Local Union No. 230 v Innocon Inc., that a concrete delivery company (Innocon) had the right to install cameras in its trucks to help improve driver safety and highlight potential driver misconduct by recording a driver’s actions, but only in the event that the vehicle swerved unexpectedly or took some form of evasive action that could indicate erroneous or erratic driving. In the arbitrator’s view, some level of in-cab monitoring was justified because an employer’s business interests can supersede an employee’s right to privacy under specific circumstances.

Security strategies for business

Business owners should be aware that at any point, our legal landscape could shift and new laws could limit the use of biometric or facial technology when used in public spaces or workplaces. But I predict that governments will take a measured approach to balancing privacy and security concerns. It’s likely that we will see a tightening of privacy restrictions in Ontario and across Canada at some point. In the meantime, however, your focus should be on assessing your organization’s security vulnerabilities and taking an integrated approach to protecting your people and assets.

That means reviewing the plethora of tech tools available on the market and deciding which ones make sense for your organization based on its operational needs. Facial recognition technology may make sense for a retailer with several busy locations, for example, but could provide little benefit to a software development firm with much simpler security needs. Be prepared to customize your strategy and invest in security components that will make a decided impact in helping mitigate risk and advancing your organization’s strategic goals (e.g., not being robbed, having your data held hostage or seeing your commercial property or workplace invaded).

But first, take the time to understand your jurisdiction’s privacy laws. Make sure your security strategy doesn’t violate any rules when the time comes to implement cutting-edge—yet potentially controversial—security technology.

Winston Stewart, President and CEO

Wincon Security

Ontario business owners who spent the last week celebrating the tabling of Bill 47, legislation that promises to repeal most of the controversial Bill 148 (with the implementation of the equally unpopular Pay Transparency Act also due to be delayed and revised, as well), could be forgiven for missing the enactment of another important new law. Only this one comes with significant cyber and physical security implications for organizations across industries.

The Personal Information Protection and Electronic Documents Act (PIPEDA) is new federal legislation that “applies to the collection, use or disclosure of personal information in the course of a commercial activity.” Put simply, if yours is an organization that has clients to whom it sells products or services, it falls under the Act’s jurisdiction. Exemptions exist in provinces that have privacy legislation in line with PIPEDA, but in those cases provincial laws need to be almost identical to the federal counterpart, or else the latter applies. What does this all mean? According to the Office of the Privacy Commissioner of Canada:

“Organizations covered by PIPEDA must obtain an individual’s consent when they collect, use or disclose that individual’s personal information. People have the right to access their personal information held by an organization. They also have the right to challenge its accuracy. Personal information can only be used for the purposes for which it was collected. If an organization is going to use it for another purpose, they must obtain consent again. Individuals should also be assured that their information will be protected by appropriate safeguards.”

New disclosure requirements

Perhaps most importantly, the legislation requires Canadian firms to brief customers in the event of a data breach that involves the hacking of personal information. At the same time, organizations must inform the Privacy Commission if they believe the breach carries with it “a real risk of significant harm to an individual.” The language in the new law is notably vague and unspecific. Organizations are required to have “appropriate” digital safeguards in place, even when sharing data between third-party vendors.

Penalties for non-compliance can top $100,000 per violation, so organizations are wise to be proactive and fall in line with the new rules.

PIPEDA a challenge for SMEs

Smaller businesses will likely have more difficulty complying with the law, particularly because they lack full-time IT teams or personnel to help track and protect data. Only now the financial stakes of ensuring adequate cybersecurity are significantly higher. As if the potential brand and bottom-line hit from an incident of data theft wasn’t bad enough, to add insult to injury cash-strapped companies also have to worry about Ottawa levying a steep fine when they’re at their most vulnerable.

While the new PIPEDA rules are obviously focused on the protection of data while promoting cybersecurity vigilance and protection for consumers, this is also about physical security. Why? It’s not uncommon for thieves to steal laptops or servers from an office or retail outlet, for example, then search those devices for everything from sellable business data to credit card information. Whether they actually find anything to peddle is beside the point. Because so many organizations still lack the necessary cloud- or hardware-based back up systems to protect data in case of a physical theft, losing that information to physical burglaries can be just as bad as being hacked by an online malfeasant.

An opportunity to think holistically about security

Here’s the good news: PIPEDA represents an important opportunity for organizations of all sizes and across industries to improve their security infrastructure. Without this legislative impetus, many companies would be happy to keep on carrying on, ignoring potential threats and crossing their fingers that a hacker or burglar won’t one day target their precious customer data.

It’s best to look at PIPEDA as a chance to develop a comprehensive security strategy that looks at both physical and digital security in a holistic way, analyzing potential vulnerabilities and outlining effective tools to help mitigate risk. This would also be the ideal time to consider upgrading security hardware such as monitoring and alarm systems, not to mention the crucial software that protects everything from your property’s entry points to devices such as laptops. These security components should all work in harmony and when one is insufficient, crafty criminals will be sure to take advantage to exploit weaknesses.

Is PIPEDA compliance potentially costly? Yes, but taking a proactive approach is always less expensive than trying to recover from a massive data breach. For that reason, the legislation could be just the nudge that your organization needed to stay safe and secure.

Winston Stewart, President and CEO

Wincon Security 

If all goes according to the federal government’s plan, by October 17, marijuana will be legal in Canada.

It’s a hugely significant legislative change that will have an impact across our society. Well, sort of. As many experts have already noted, the likelihood of reefer madness gripping the Great White North and making pot heads of us all is highly unlikely. Those who want to toke (legally) will finally have the opportunity, while those who prefer to crack a cold one on their off hours (or not indulge at all) will consider it business as usual.

That raises an important point for owners and managers of commercial properties and the businesses they occupy: having an HR or facility policy to manage the use of marijuana in the workplace is crucial for ensuring building security. More on this in a moment, but first, the legalities of managing pot use in the workplace and why it matters.

As Toronto-based labour and employment lawyer Peter Straszynski wrote in a 2016 article for Canadian Lawyer magazine:

“Employers will have the right to prohibit the use of marijuana during work hours, and to further prohibit attendance at work while impaired. Violation of these prohibitions can be made the subject of progressive discipline. In appropriate cases, such violations could result in termination of employment for just cause. Where an employee’s use of marijuana amounts to a physical or psychological dependency, however, such addiction will likely constitute a “disability” under provincial and federal human rights legislation, triggering the employer’s duty to accommodate the employee’s disability.”

I won’t delve deep into the complexities of accommodating a pot addiction—although as a business owner, it’s very much on my HR radar—but I can’t do enough to emphasize the importance of training security personnel on ways to identify and manage the behaviour of inebriated individuals that may be under their watch. Why?

Put simply, pot use is already quite common in Canada. According to the 2017 Canadian Cannabis Survey, 23 per cent of employees say they partake in the odd joint, while 39 per cent admit they’ve driven while high. There is a chance that once legalized, usage will increase, if only slightly.

Now, you may argue that, as an employer or property owner, an individual’s drug-use habits are their own business and none of yours, right? Not so fast.

Anyone who’s been around pot users or partaken themselves knows that people who are high, as with individuals intoxicated as a result of consuming alcohol, tend to make poor decisions. Their senses are dulled. They are clumsier and less alert. They simply aren’t as rational as when sober. While a person who is high isn’t likely to become violent, of course, they can act in ways that are highly problematic from an HR standpoint, potentially placing others at risk—particularly if your commercial property is one that stores or produces hazardous materials, or houses heavy machinery.

It’s important for employers and security personnel to bear this in mind when dealing with individuals who may enjoy consuming cannabis, or who is prone to sneaking the odd joint during work hours.

On the other hand, it’s just as important to set clear policies that govern drug use for security personnel while on the job. Wincon Security already has policies in place to ensure that our staff never partake in any form of drug use at a client site or while engaged in the delivery of services on behalf of our organization. We enforce this policy rigorously and won’t compromise even as pot possession and usage is legalized in the months ahead.

Why? To be fully engaged in their roles and ensure that the commercial property, apartment or condominium residence they’re guarding remains fully secure, our staff must be at their very best. In the same way that we wouldn’t permit our people to stop for a pint mid-shift, we will never permit them to take five to share a joint. Luckily, we work with some of the best in the business and have never had to take action to enforce this policy. Other security firms may not be as stringent in the drafting or enforcement of similar policies.

While it’s highly unlikely that marijuana legalization will cast a significant negative pall on Canadian businesses, slowing productivity and delivering a collective case of the munchies, we do need to prepared for its inevitable arrival. Take the time to adjust your HR and security policies to ensure that yours is a pot-free workplace, and make it clear that employees—and especially security staff—understand that drug use is not an option in your workplace.

Winston Stewart, President and CEO

Wincon Security