1-888-643-2217 Email ABEX
Keeping you updated

Monthly Archives: May 2013

Consider Your Email Exposure

Keyboard 2

Before sending, your employees should stop and think, “Would I like this email to be seen on the front page of my morning newspaper?”

Email is a standard for business communications. According to a study by the Radicati Group, the average corporate email user sends and receives about 112 email messages each day. Because email as a business tool is here to stay, companies need to take the time to recognize and manage the risks that electronic communications present.

Today, emails are some of the most important records recovered in discovery requests during litigation. With the false privacy email messages provide, people send and receive lots of information that they wouldn’t want others to know about. They don’t realize that information in emails is easily recovered as evidence during litigation, even if the email message was deleted, indicating who received what information and when.

To equip your organization with the right tools to prevent and protect against these risks, a group of employees should be assigned to develop guidelines and procedures regarding emails and other electronically stored information (ESI), such as instant message logs and electronic files. At least one member from the management, legal, information technology and human resources teams should be involved in this process to make sure that the best interests of the entire organization are met.  Click here to read more.


Considerations of Cloud Computing

abstract-globeThe ongoing discussion surrounding Bill C-28 has caused Canadians to consider exactly what “privacy” entails. One issue that has come to the forefront is determining the safety of cloud computing.

Cloud computing offers companies the ability to outsource applications, platforms and infrastructure. This can include (but is not limited to) services like email, accounting software, account management systems and even servers. When a company decides to use cloud computing, they contract with an IT firm. In turn, the IT firm may subcontract with other firms to store data. As a result, a company’s data may be housed in a variety of locations–not all of which are necessarily under Canadian jurisdiction.

Federal and provincial private sector privacy legislation allows personal information to be transferred to an organization in another jurisdiction for processing and storage, as long as the organization receiving the personal information does not use it for any purposes other than what was implied or previously consented to.

The organization that transferred the personal information is still responsible for protecting it, and the organization the personal information is transferred to must provide a level of security comparable to what would be required under Canadian law.

In addition, the transfer must be disclosed to individuals to whom the data pertains. Generally, this should include notifying them that:

  1. Their personal information will be processed and stored outside of Canada.
  2. Their personal information will be under foreign jurisdiction, which may be less protective than the laws that exist in Canada.

Concerns have recently been voiced about the impact of private sector firms that use cloud computing in the United States because once their data crosses the border, it is subject to section 215 of the US Patriot Act. This means US officials can get a judicial order for the turnover of information that is suspected of terrorism. This turnover can be “blind,” which means that for the security of the US investigation, no parties need to be informed about the seizure of the data.

Lawyers around the country argue that the level of data security that exists when cloud computing across the border is no different than the current level of security. The Treaty on Mutual Legal Assistance in Criminal Matters has been in place since 1990 and allows the United States and Canada to assist each other in any criminal investigation by sharing records and pertinent data. The Canadian Security and Intelligence Service Act allows for secret warrants to be decreed to obtain electronic data. Lawyers argue that these two pieces of legislation create situations where data can be blindly obtained and shared across the border.

Since this is such a new issue, many companies are still concerned. Organizations can consider obtaining meaningful contractual commitments for administrative, technological and physical security protections from the organization to which the personal information is being transferred. The transferring organization can also consider audit or other rights that would permit ongoing check-ups of those security protections as well as the use of the personal information.

Organizations should obtain legal advice to better understand how cloud transfers of personal information will affect existing legal commitments. It may be necessary to give special notice to individuals and to provide them with opt-out or termination opportunities.

© 2013 Zywave, Inc.



Receive notifications of new posts automatically.


Like us on Facebook

Connect with us on LinkedIn