Canadian Security Magazine

Shred-it intros the information security legislation compliance toolkit

By Canadian Security   

News Data Security

Extensive legislation governing privacy in Canada makes it challenging for organizations to ensure their information security policies and procedures are fully compliant with the law. Shred-it is helping Canadian business leaders with a toolkit of strategies to ensure compliance with federal and provincial privacy laws.

As new threats to data security emerge, governments consistently revise and develop new laws to protect personal information. With so much in flux, organizations can struggle to meet information security requirements, especially in tightly regulated sectors such as healthcare and financial services, where privacy protection requirements are exceptionally stringent.  They can incur significant fines and face serious consequences if found to be in violation of federal and provincial privacy laws.
The first step in mitigating this risk is understanding the role information security policies and procedures play in remaining compliant with legislation related to the storage and disposal of confidential information.
“On a daily basis virtually every business, regardless of size or industry, comes into contact with sensitive information, whether it is credit card numbers, social insurance numbers or confidential business plans,” says Bruce Andrew, EVP, Shred-it. “Maintaining an information security policy which addresses the storage and destruction of digital and physical data not only reduces the risk of fraud but helps organizations act in accordance with privacy legislation.”
According to the 2015 Shred-it Security Tracker information security survey, 96% of c-suite executives and 82% of small business owners are aware of the legal requirements for storing, keeping or disposing of confidential data in their industry. However, the survey revealed that this awareness is not always translating into action –a surprising 37% of small business owners reported having no protocol in place for the secure destruction of confidential information.
“Without the proper information security protocols and policies in place, organizations are not only risking the personal and confidential information of their customers and employees, but increasing their chances of financial loss, reputational damage and legal repercussions,” continues Andrew. “When you consider the many consequences of a data breach, you quickly realize that organizations without comprehensive policies and procedures are jeopardizing their ability to continue operating.”
The Legislation Leader Compliance Toolkit helps business leaders navigate their legal requirements concerning the storage and destruction of confidential data by providing best practices surrounding the assessment and implementation of information security practices in relation to compliance.

You can download the Toolkit here.

Print this page


Stories continue below


Leave a Reply

Your email address will not be published. Required fields are marked *