Privacy Services
Is your personal, confidential and sensitive information safe?
You have specialized practices for information management you’ve honed over many years, or you may hold patents and trade secrets that make your organization unique and successful in a crowded field. Your computer systems and filing cabinets hold personal data about customers, clients and employees going back years.
Is it all safe from theft, hacking or just plain old mistakes?
In all of these areas, we can advise you on best practices, help you develop policies and procedures, teach you or your staff how to do it, or we can do the work for you.
Privacy Audit, Compliance and Review
A business or organization that asks us for a privacy audit or compliance review gets two things – a thorough analysis and assessment of the company’s privacy practices and policies, including security and retention of personal information, and a plan to improve. We will identify any gaps, red flags, risks and especially any immediate exposures, and we teach you how to close those holes, or we can close them for you.
Privacy Services
We will assess how personal information is stored, secured and retained, and determine if it’s accessible to only those who need to see it based upon privacy best practices and principles. We will review internal accountability and access provisions and guide you in limiting them as necessary. We’ll also help you determine if technical and physical security requirements have been met at the highest level and examine your agreements with IT providers to ensure legislative obligations are addressed.
Breach Management
When the worst happens and your business loses control of private or personal information, we will identify the breach and determine its reach, its source and how much information is exposed – and close the breach immediately.
We will help you retrieve the exposed personal information, be it electronic or on paper, then review with you how to prevent it from happening again. We help you notify company executives or the board of directors, and if required, make any necessary reports to the Office of the Information and Privacy Commissioner of B.C.
Third-party Privacy Provisions
Everyone from your IT provider to the company that takes away your paper shredding has access to your information. Privacy provisions require them to treat your personal, sensitive and confidential information as your organization does. Is that communicated clearly and do you have it in writing?
We can assess, audit and conduct on-site inspections of how your third-party contractors and consultants handle information in your custody and control. We can also review and draft agreements with those third parties to make sure that information is safe in their hands.
Legislative Obligations and Requirements
We will help you understand what privacy legislation is, how it applies to your company, if you fall under federal or provincial laws, and, depending on your type of business, whether there are any other legal requirements. Then we’ll help you fulfill and surpass those requirements.
Information Sharing Agreements
If your organization regularly shares information – especially personal information – with other organizations, we can help you assess your existing agreements or draft new ones protecting that information. This will ensure both sides are managing the information properly, particularly with respect to collection, use, disclosure, access, storage and security.
Privacy Impact Assessments
You’re looking at a shiny new computer operating system, accounting software or a new program that tracks your customers’ orders – but does it comply with privacy requirements and your own agreements with clients to keep personal information secure?
We can guide you through the process to determine whether it meets your obligations under privacy legislation – and if it doesn’t, how we can get you to a place where it does.