Privacy Information Security and Who is Accountable?
Every organization that is subject to Canada’s private-sector privacy laws is obligated to be in compliance with them. An accountable organization must have in place appropriate policies and procedures that promote good information security practices. The goal is to comply with privacy protection laws.
“There are four statutory privacy regimes that may apply to the private sector in Canada. The Personal Information Protection and Electronic Documents Act (“PIPEDA”) applies to federal works, undertakings or businesses (and to their employee personal information), and to provincially regulated businesses in provinces without substantially similar privacy legislation that collect, use or disclose personal information in the course of commercial activities.”
– Office of the Privacy Commissioner of Canada
The benefits of implementing a privacy management program
A comprehensive privacy management program provides an effective way for organizations to satisfy regulators and assure that they are compliant and protecting information security. But there is more. Your organization should be able to demonstrate that it is providing reasonable due diligence to effectively deliver a privacy management program in the event of a complaint, data breach, investigation or audit.
The responsibility usually lies with your organization's Compliant Supervisor. They will want to ensure they are correctly identifying privacy-related obligations and risks and appropriately taking them into account in developing business models and related technologies business practices. It is their obligation to minimize risks within your organization.
As your partner, it is our commitment to provide our clients with a responsible IT asset disposition and data destruction solutions and to bring awareness and confidence in relevant aspects of the privacy management program. We can help protect your business from negligence with the proper policies and procedures put in place.
Please note that businesses, institutions and firms will require a customized solution since the level of risk will depend on the industry.
If you would like more information about this topic or to schedule a meeting, please contact us:
Phone: 1.519.624.3300
Email: info@greentec.com
CASE STUDY
How the University of Waterloo & Greentec are leading the way in asset disposal
UW partnered with Greentec, whose tailored solutions ensured secure data destruction, environmental responsibility, and regulatory compliance, to collaboratively transform its IT asset disposal process.