I recently visited a local business, where I noticed that their handwritten appointment book was full of client Credit Card numbers and Expiry Dates. I immediately pointed this out to management, but it made me wonder – are small businesses taking security & privacy seriously?
Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) became law in April, 2000. The act has several implications for any business which collects and retains customer information. Under the law, organizations are required to:
PIPEDA also stipulates security requirements for client data stored in computer systems, including the use of safeguards such as firewalls, passwords, and data encryption.
10 years have passed since the implementation of PIPEDA, but the requirements on businesses remain the same. Perhaps now is an ideal time for businesses to revisit their practices around the collection, storage, and use of customer data.
Here’s a Privacy Guide for Small Businesses(pdf) to get you started, along with a quick Privacy Policy quiz:
If your company could benefit from some expert advice in ensuring that your customer data is secure, and meeting applicable regulations, ask us. We’d be happy to conduct a Network Security Assessment, and identify areas where your current security practices can be improved.