• First Reference
  • About us
  • Contact us
  • Blog Signup 📨

First Reference Talks

Discussions on Human Resources, Employment Law, Payroll and Internal Controls

  • Home
  • About
  • Archives
  • Resources
  • Buy Policies
You are here: Home / Business / Destruction of information – do you know your obligations?

By Adam Gorley | 3 Minutes Read February 10, 2011

Destruction of information – do you know your obligations?

Here’s something you might want to know about: the Federal Government has introduced a law to impose stricter obligations with respect to information and security breaches. The Safeguarding Canadians’ Personal Information Act (Bill C-29) would:

Introduce new requirements for organizations to report material breaches of information security safeguards (data breaches) to the Privacy Commissioner of Canada and notify affected individuals and certain organizations when the breaches are deemed to pose a real risk of significant harm.

The Act would also allow organizations to share information in order to prevent fraud and aid in investigations of contraventions.
shreddingThe proposed amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA) have yet to pass second reading, and it’s hard to say when Bill C-29 might become law, if at all. There are good reasons organizations should take notice though, like the potential for the government to keep a closer eye on whether you’re keeping up with your obligation to destroy documents.
According to Workplace magazine and Shred-it, “As data leaks and security breaches hit the headlines, it’s inevitable that more stringent legislation will follow”.
If Bill C-29 does become law, its enhanced transparency requirements “will force organizations to improve the way they handle and store data, ensuring systematic procedures are in place for destroying confidential information”.
No one should be surprised that the people at Shred-it are interested in organizations destroying their documents that they no longer need. That’s their business. Nevertheless, those obligations are real, and the article offers the following tips to help prevent security breaches.
1.     Identify security gaps
Conduct a security audit of your business’ security practices while keeping these questions in mind:

  • Are there current procedures in place to properly secure or destroy sensitive data?  If so, what are they?
  • If security gaps are present, where do they lie?

2.     List security gaps
List all potential risks specific to your organization. Some questions you should consider include:

  • Are sensitive HR documents, such as employee records, only accessed by authorized personnel?
  • Are there discrepancies between the security procedures involving print versus electronic documents?
  • Are employees currently trained to dispose of paper waste using appropriate receptacles?

When compiling the list, remember to include both paper-based and electronic information sources. Also be sure to consider every stage of the information cycle, from data generation to document destruction.
3.     Working from home
When employees must work from home, they must limit the printing of hardcopies and transferring sensitive information onto personal devices such as laptops or USB keys. Employees should also refrain from throwing information out in garbage cans, recycling bins and dumpsters.
4.     Address security gaps
Create and develop a rigid security policy for your organization. Always remember to place sensitive information in secure areas and under password protection with limited access by employees. Delete or destroy all other data that are no longer required, and be sure to keep hard copies of confidential data under lock-and-key. Follow the document life cycle and implement company-wide policies that ensure all employees regularly destroy confidential documents using professional third party services.
I couldn’t say it better myself.
It’s also a good idea to make sure you recycle any appropriate documents. It should take little to no effort, and your customers and employees will approve.
To see the text of Bill C-29, the Safeguarding Canadians’ Personal Information Act, or follow its status, visit LEGISinfo.
First Reference publishes Finance and Accounting PolicyPro to help small and medium-sized businesses manage their obligations and comply with the law with respect to document security in general and document destruction specifically.
Adam Gorley
First Reference Human Resources and Compliance Editor

  • About
  • Latest Posts
Follow me
Adam Gorley
Editor at First Reference Inc.
Adam Gorley is a copywriter, editor and researcher at First Reference. He contributes regularly to First Reference Talks, Inside Internal Controls and other First Reference publications. He writes about general HR issues, accessibility, privacy, technology in the workplace, accommodation, violence and harassment, internal controls and more.
Follow me
Latest posts by Adam Gorley (see all)
  • Can you implement a mandatory vaccine policy or ask employees if they have been vaccinated? - June 10, 2021
  • Do you know the latest on terminations? Find out at the Ontario Virtual Employment Law Conference - May 11, 2021
  • Announcing the 2021 Virtual Ontario Employment Law Conference - April 15, 2021

Article by Adam Gorley / Business, Privacy / Bill C-29, collecting data, data storage, FAPP, Finance and Accounting PolicyPro, personal information, Personal Information Protection and Electronic Documents Act, PIPEDA, privacy and risk management, Privacy Commissioner, privacy legislation, recycling, Safeguarding Canadians' Personal Information Act, security breaches, security gaps

Share with a friend or colleague

Get the Latest Posts in your Inbox for Free!

Electronic monitoring

About Adam Gorley

Adam Gorley is a copywriter, editor and researcher at First Reference. He contributes regularly to First Reference Talks, Inside Internal Controls and other First Reference publications. He writes about general HR issues, accessibility, privacy, technology in the workplace, accommodation, violence and harassment, internal controls and more.

Footer

About us

Established in 1995, First Reference is the leading publisher of up to date, practical and authoritative HR compliance and policy databases that are essential to ensure organizations meet their due diligence and duty of care requirements.

First Reference Talks

  • Home
  • About
  • Archives
  • Resources
  • Buy Policies

Main Menu

  • About First Reference
  • Resources
  • Contact us
  • 1 800 750 8175

Stay Connected

  • Facebook
  • LinkedIn
  • Twitter
  • YouTube

We welcome your comments on our blog articles. However, we do not respond to specific legal questions in this space.
We do not provide any form of legal advice or legal opinion. Please consult a lawyer in your jurisdiction or try one of our products.


Copyright © 2009 - 2023 · First Reference Inc. · All Rights Reserved
Legal and Copyright Notices · Publisher's Disclaimer · Privacy Policy · Accessibility Policy