Regulatory and legal compliance is an aspect of information security that is increasingly important, but still often overlooked, particularly by smaller organizations.
Most business decision-makers are aware of the negative consequences of information security breaches – from lost money to lost customers, damaged reputation and costly court cases. However, what some business leaders still do not realize is that organizations may have to deal with the law not only after a breach has occurred. It is also their legal responsibility to eliminate the very conditions that may lead to a potential breach, in order to prevent it in the first place. In Canada and internationally, governments and regulators are now demanding that organizations, large and small, take responsibility for the security of the sensitive data in their custody. Read further to find out what Canadian laws require, and what steps your company should take to keep itself compliant.
It is no secret that, for organizational growth and survival, companies depend on an abundance of quality information. After all, we live in what is known as the “information age.”
Data collection from clients, partners, employees and other stakeholders is an integral part of a business operation. Companies process payroll, analyze cash flow, keep track of suppliers, research client profiles, data-mine for trends and collect competitive intelligence. These are just some of the tasks most organizations perform to succeed in today’s business. However, the same pools of data can also be accessed by individuals with very different goals.
"Unfortunately, individuals not bound by ethical constraints are capable of using easily-available information for illegitimate purposes," says Vincent R. De Palma, President and CEO at Shred-it. "Information theft, including identity theft, is a substantial and growing business these days. Criminals operating in both Canada and abroad extract handsome profits by exploiting organizations' security vulnerabilities."
Armed with a few key pieces of information, such as a name, birth date, social insurance number and address, identity thieves can reconstruct and steal the information of your clients, employees, owners, partners and even your entire company. They may then use this information for potential criminal gain through false loan applications, credit card fraud, bank account “skimming,” false medical insurance claims and more.
For this very reason, information security laws and regulations have been put in place in Canada for organizations both large and small.
Canadian law-makers have established a legal and regulatory framework to try to ensure that organizations protect sensitive information from misuse.
The Personal Information Protection and Electronic Documents Act (PIPEDA) protects personal information in the hands of private sector organizations and provides guidelines for the collection, use and disclosure of that information in the course of commercial activity.
As you can see, Canadian law clearly states that businesses must destroy, erase or make anonymous personal data that is no longer needed. However, many organizations are still caught off guard by the news that not only should they be adopting best practices to ensure the safety of confidential information in their custody, but they are required by law to do so.
According to Shred-it’s 2011 Information Security Tracker [2], research conducted by Ipsos Reid indicated that 28% of Canadian small to mid-sized businesses are not aware of the legal compliance requirements and legislation that apply to the security of their business.
"Part of our job as an information security company is to consult organizations on what best practices and security strategies they should be implementing to become compliant," says Mr. De Palma. "Typically, there are several key strategy components we recommend to each client. One of them is that they should always opt for document destruction methods that meet or exceed all national compliance standards. Another recommendation is to have an organization-wide policy in place that stipulates how company employees should go about the disposal of their paper waste."
It is important to remember that, when it comes to information security, legal compliance is only a minimum necessary requirement, and an organization’s efforts to protect itself, its clients, employees and other stakeholders shouldn’t stop there. The ultimate goal is to create a culture of total security, with zero tolerance not only to security breaches, but also to the existence of the very conditions that make them possible.
Ensure full compliance with all privacy legislation that governs your industry.
List all information security risks specific to your organization, targeting both paper-based and electronic information sources. Consider every stage of the information cycle, from data generation and storage to the transfer of data from location to location and the document destruction process.
Train your employees in best practices and have a clearly documented and well-understood process for secure document management and destruction.
Outsource document destruction to professional providers, who ensure the total security of the document disposal process.