I recently visited a local business, where I noticed that their handwritten appointment book was full of clients' credit card numbers and expiry dates. I immediately pointed this out to management, but it made me wonder: are small businesses taking security and privacy seriously?
Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) became law in April 2000. The act has several implications for any business that collects and retains customer information in the course of its commercial activities. Under the law, organizations are required to:
- Obtain an individual's consent when they collect, use or disclose that individual's personal information;
- Supply an individual with a product or a service even if they refuse consent for the collection, use or disclosure of their personal information, unless that information is essential to the transaction;
- Collect information by fair and lawful means; and
- Have personal information policies that are clear, understandable and readily available.
PIPEDA's safeguards principle also requires that personal information be protected by security measures appropriate to its sensitivity, regardless of the format in which it is held. The act describes physical measures (such as locked filing cabinets and restricted access to offices), organizational measures (such as limiting access on a need-to-know basis) and technological measures (such as passwords and encryption). A handwritten book of credit card numbers left open at the front counter fails on all three counts, and client data stored in computer systems is expected to be protected with controls such as firewalls, passwords and data encryption.
Ten years have passed since the implementation of PIPEDA, but the requirements on businesses remain the same. Perhaps now is an ideal time for businesses to revisit their practices around the collection, storage and use of customer data. Three questions are a good starting point:
- What personal information does your organization or branch collect and why do you collect it?
- How does your organization safeguard customers’ personal information?
- Under what circumstances does your organization disclose personal information, such as to credit agencies or collection agencies?
If your company could benefit from expert advice on keeping customer data secure and meeting the applicable regulations, ask us. We’d be happy to conduct a Network Security Assessment and identify areas where your current security practices can be improved.