Within the course of a typical business day, you handle an abundance of personal information contained in credit records, employee files, legal documents, corporate documents, and medical records. You understand the responsibility that comes with this and take your duty to make sure that confidentiality is maintained seriously. Overall, you’re feeling fairly confident in your ability to protect your information and avoid a privacy breach. But because privacy protection is an ongoing process, every so often is pays dividends to review and refine the current processes you have in place for protecting your information.
PIPEDA and other regulations
Every organisation in Canada is bound by the Personal Information Protection and Electronic Documents Act (PIPEDA). Applied to private sector businesses in 2004, it outlines guidelines for the collection, use and disclosure of personal information by businesses. Quebec, specifically has it’s own privacy protection legislation - An Act Respecting the Protection of Personal Information in the Private Sector - which is substantially similar to PIPEDA. Both pieces of legislation have an impact on how information is stored, access and disposed of within your business.
Boosting your retention practices
Your organisation follows certain retention guidelines for storing business records containing confidential information. Many of these documents may be stored onsite at your primary business location - either in a locked storage area or within filing cabinets. While seemingly safe and secure there is still a risk associated with storing documents containing personal information onsite. One catastrophic event - fire, flood or other natural disaster - can result in a loss of your business records, not only exposing your organization to regulatory non-compliance but also opening up the door to the additional consequences:
- law suits
- negative publicity
- loss of client and shareholder confidence
Disaster recovery experts recommend that vital business records should be stored at a facility other than your primary business location. The facility should be carefully chosen, not only ensuring that your records are thoroughly protected from unauthorized access and a wide range of catastrophic events but also enhancing your ability to access and manage your business information.
Eliminating unauthorised access to expired files
Your current file disposal processes may also be exposing your business to increased privacy breach risk. Office shredding machines shred paper into relatively large strips, that do not render personal information unreadable. Identity theft experts recommend a “cross-cut” method of shredding to ensure unauthorized access to recently disposed of confidential documents.
While professional document destruction companies may use a cross-cut method, before engaging a paper shredding provider, it’s important to verify if the supplier is National Association for Information Destruction (NAID) NAID AAA certified. This not only ensures that your documents are shredded to a specific particle size but also makes certain that your vendor has undergone a thorough audit of it’s facilities, people and processes. A NAID AAA certified paper shredding company can offer your company a selection of document destruction services tailored specifically to your business, greatly reducing the risk of a privacy breach:
Docu-Dépôt provides records and management solutions that facilitate privacy protection for companies throughout Montréal and Québec. To find out more, please contact us by phone or fill in the form on this page.
HOURS OF OPERATION
Open to the public during the following hours:
Mon-Fri from 8:00-17:00
After 17:00 Dial (514) 271-3223 ext 299 and leave a message. We will contact you within 5 minutes.
© Copyright 2018 Docu-Dépôt. All Rights Reserved.