Is Your Business Compliant With Canadian Privacy Laws?
January 24, 2015
There is a recent bill passed in Canada which helps to prevent spam e-mails and messages. This is an anti-spam measure so that it does not cause inconvenience to consumers. It mainly goes to businesses, products and services which are using emails and messages as a means of product or service promotion and advertisement.
The law mainly states that consumers or rather the general audience have to express consent to receive such emails and messages before the companies can continue promoting their products and services through this media. If anyone is not compliant to this law then there are severe penalties to be faced. Individuals can be charged up to 1 million dollars and companies can be charged to up to 10 million dollars if they do not adhere to this bill. Consent attained should be informed consent, such that the consumer should be made aware to what they are signing up for before this bill can hold value.
There are a few points for you to look through before you know if your company’s marketing methods abides by the Canadian law, and in this article we will take you through those important elements.
Accountability
Leadership and accountability is one of the ten principles or privacy of PIPEDA. This means that you have to get someone in your office or a team of employees to make sure they are responsible for any personal information of your consumers involved. They have to be careful of the ways they, and the whole office manages the collection, usage and disposal of personal information in a safe way so that confidentiality is not breached.
If any personal information is to be retained, they also have to take charge and make sure that the storage of such information is done appropriately. It should only reach to the hands and eyes of those who need it, and not available with a free access to everyone. Having such a set up with a team or an individual responsible for personal information would help your company to have a more orderly system in handling such matters. It is not to easily place the blame on this individual if anything goes wrong, but it is to make sure that this person has a sole purpose this their job scope to ensure that the whole company abides by the Canadian law.
Create security awareness in your office
You should, as the company head, come up with your own business’s security policies and guidelines. Having a easy to follow instruction set on handling important information in your company can save you the problem of breaching any consumer security law in the world. On top of implementing such policies and guidelines, you should adequately and regularly train your employees to follow these policies too. Provide them the information about these policies in an easy to read and easy to follow form so that it is more likely that everyone would put in the initiative and effort to abide by these guidelines.
Ensure that you also train your employees on data protection, not just with the documents that they handle in hard copy, but also through mobile devices, emails, and computers. Your company should also put in place a policy for internet usage and data protection in the internet, and again your employees should be appropriately and regularly trained in this matter as well
Physically protecting data
Make sure on top of other forms of data security, you are physically protecting the data in your company as well. Ensure that your office is locked up with good protection devices and also alarms, so that any break in will be made known easily. Also introduce other policies like a clean desk policy, which would allow your employees to handle documents with important information safely. Having a clean desk would mean that your employees would not leave important pieces of paper lying around for everyone to have a read and it would also ensure proper disposal of these documents after shredding.
Keep sensitive and confidential information neatly filed in files, and locked away in cabinets away from the movement of the majority of your employees. If you largely have soft copy stores, then act to making sure that your network and system in the company is secure and cannot be easily breached by an outsider who is trying to hack. Implementing these and investing money, time and effort in these methods could save you a lot of losses in terms of penalties from breaking laws and also from data breach incident losses.
Document management practices
You need to ensure that your entire office has good document management practices to know that you would not breach the Canadian law. For example, the PIPEDA makes it a rule that offices should have a records retention schedule. Moreover, they also imply that any information which is no longer needed should be appropriately disposed.
Disposal of information is an important and detailed process which is often underestimated by many companies. Hard copy information should be shredded before disposing. Soft copy information in hard drives especially should not just be deleted, but they should be physically destructed as well. If they are thrown away normally after the documents in them are deleted, they can still be easily traced back by hackers due to the automatic and default backup system of the hard drives.
At Papersavers Limited, we offer a variety of shredding options to suit your needs and budgets. Call us today for a quick enquiry.
