• First Reference
  • About us
  • Contact us
  • Free Coronavirus FAQ 🔬
  • Free Newsletter 📨
  • Get PolicyPro Free Trial 🎉

First Reference Talks

Discussions on Human Resources, Employment Law, Payroll and Internal Controls

  • Home
  • About
  • Archives
  • Resources
You are here: Home / Business / Destruction of information – do you know your obligations?

By Adam Gorley | 3 Minutes Read February 10, 2011

Destruction of information – do you know your obligations?

Here’s something you might want to know about: the Federal Government has introduced a law to impose stricter obligations with respect to information and security breaches. The Safeguarding Canadians’ Personal Information Act (Bill C-29) would:

Introduce new requirements for organizations to report material breaches of information security safeguards (data breaches) to the Privacy Commissioner of Canada and notify affected individuals and certain organizations when the breaches are deemed to pose a real risk of significant harm.

The Act would also allow organizations to share information in order to prevent fraud and aid in investigations of contraventions.
shreddingThe proposed amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA) have yet to pass second reading, and it’s hard to say when Bill C-29 might become law, if at all. There are good reasons organizations should take notice though, like the potential for the government to keep a closer eye on whether you’re keeping up with your obligation to destroy documents.
According to Workplace magazine and Shred-it, “As data leaks and security breaches hit the headlines, it’s inevitable that more stringent legislation will follow”.
If Bill C-29 does become law, its enhanced transparency requirements “will force organizations to improve the way they handle and store data, ensuring systematic procedures are in place for destroying confidential information”.
No one should be surprised that the people at Shred-it are interested in organizations destroying their documents that they no longer need. That’s their business. Nevertheless, those obligations are real, and the article offers the following tips to help prevent security breaches.
1.     Identify security gaps
Conduct a security audit of your business’ security practices while keeping these questions in mind:

  • Are there current procedures in place to properly secure or destroy sensitive data?  If so, what are they?
  • If security gaps are present, where do they lie?

2.     List security gaps
List all potential risks specific to your organization. Some questions you should consider include:

  • Are sensitive HR documents, such as employee records, only accessed by authorized personnel?
  • Are there discrepancies between the security procedures involving print versus electronic documents?
  • Are employees currently trained to dispose of paper waste using appropriate receptacles?

When compiling the list, remember to include both paper-based and electronic information sources. Also be sure to consider every stage of the information cycle, from data generation to document destruction.
3.     Working from home
When employees must work from home, they must limit the printing of hardcopies and transferring sensitive information onto personal devices such as laptops or USB keys. Employees should also refrain from throwing information out in garbage cans, recycling bins and dumpsters.
4.     Address security gaps
Create and develop a rigid security policy for your organization. Always remember to place sensitive information in secure areas and under password protection with limited access by employees. Delete or destroy all other data that are no longer required, and be sure to keep hard copies of confidential data under lock-and-key. Follow the document life cycle and implement company-wide policies that ensure all employees regularly destroy confidential documents using professional third party services.
I couldn’t say it better myself.
It’s also a good idea to make sure you recycle any appropriate documents. It should take little to no effort, and your customers and employees will approve.
To see the text of Bill C-29, the Safeguarding Canadians’ Personal Information Act, or follow its status, visit LEGISinfo.
First Reference publishes Finance and Accounting PolicyPro to help small and medium-sized businesses manage their obligations and comply with the law with respect to document security in general and document destruction specifically.
Adam Gorley
First Reference Human Resources and Compliance Editor

  • About
  • Latest Posts
Follow me

Adam Gorley

Editor at First Reference Inc.
Adam Gorley is a copywriter, editor and researcher at First Reference. He contributes regularly to First Reference Talks, Inside Internal Controls and other First Reference publications. He writes about general HR issues, accessibility, privacy, technology in the workplace, accommodation, violence and harassment, internal controls and more.
Follow me

Latest posts by Adam Gorley (see all)

  • Legal recreational marijuana: how can you address the workplace risks? - October 15, 2018
  • Jeffrey Sherman to present at GTA Accountants Network | Early-bird rates, CPD hours - September 28, 2018
  • 2018 will be a pivotal year for employers and HR managers in Ontario – #LearnTheLatest - April 20, 2018

Article by Adam Gorley / Business, Privacy / Bill C-29, collecting data, data storage, FAPP, Finance and Accounting PolicyPro, personal information, Personal Information Protection and Electronic Documents Act, PIPEDA, privacy and risk management, Privacy Commissioner, privacy legislation, recycling, Safeguarding Canadians' Personal Information Act, security breaches, security gaps

Share with a friend or colleague

Learn the 10 essential HR policies in the time of COVID-19

Get the Latest Posts in your Inbox for Free!

About Adam Gorley

Adam Gorley is a copywriter, editor and researcher at First Reference. He contributes regularly to First Reference Talks, Inside Internal Controls and other First Reference publications. He writes about general HR issues, accessibility, privacy, technology in the workplace, accommodation, violence and harassment, internal controls and more.

Footer

About us

Established in 1995, First Reference Inc. (known as La Référence in Quebec) provides Canadian organizations of any size with practical and authoritative resources to help ensure compliance.

First Reference Talks

  • Home
  • About
  • Archives
  • Resources

Main Menu

  • About First Reference
  • Resources
  • Contact us
  • 1 800 750 8175

Stay Connected

  • Facebook
  • LinkedIn
  • Twitter
  • YouTube

We welcome your comments on our blog articles. However, we do not respond to specific legal questions in this space.
We do not provide any form of legal advice or legal opinion. Please consult a lawyer in your jurisdiction or try one of our products.


Copyright © 2009 - 2021 · First Reference Inc. · All Rights Reserved
Legal and Copyright Notices · Publisher's Disclaimer · Privacy Policy · Accessibility Policy