Personal information governance
CYBERSECURITY AND PERSONAL INFORMATION PROTECTION POLICY ÖKO CRÉATIONS INC.
PERSONAL INFORMATION
Karine Létourneau, shareholder, is officially appointed as the person responsible for personal information.
PERSONAL INFORMATION INVENTORY
| INFORMATION | EMPLOYEES | CLIENTS | VISITORS | PROSPECTS |
|---|---|---|---|---|
| Name | X | X | X | X |
| Business address |  | X |  | X |
| Private address | X | X |  | X |
| SIN | X |  |  |  |
| Date of birth | X |  |  |  |
| Private phone | X | X |  | X |
| Business phone |  | X |  | X |
|  | X | X | X | X |
| Website |  | X | X | X |
| Social networks | X | X | X | X |
| Cheque specimen | X |  |  |  |
REGISTER OF CONFIDENTIALITY INCIDENTS
A register of confidentiality incidents is kept in the event of a breach of personal information confidentiality.
The following template register is to be completed in the event of an incident and must be communicated to the Access to Information Commission as well as the individual(s) affected by the incident.
| Date of incident or discovery | Incident type | Information affected by the incident | Information storage medium | Number of people affected by the incident | Actions taken upon discovery of the incident |
|---|---|---|---|---|---|
|  |  |  |  |  |  |
CYBERSECURITY MEASURES
Several measures are in place to ensure superior security regarding the protection of personal data and within the framework of cybersecurity:
Antivirus software is installed on each of the company's computers.
Each company computer is continuously connected to a VPN application. Company employees are required to keep this application running at all times.
System backups are performed once a month. Backup copies are stored on an external hard drive.
All employees are required to maintain an active firewall at all times.
Weekly verification by employees of compliance with cybersecurity measures is mandatory.
All company employees must store their passwords only on our software. They are required to create highly secure passwords composed of uppercase letters, lowercase letters, numbers, and symbols. No password should be reused.
Employees must use two-factor authentication if available.
Our website is hosted on Shopify and is secure.
A cookie consent banner is present on our websites.
All company documents and external hard drives are kept in a secure room locked with a key.
Company and client data are stored on ZOHO One software which uses AES, one of the most robust and powerful methods for encrypting sensitive data.
ACCESS MANAGEMENT LIST
| INFORMATION | CEO | Accounting and administrative assistant | Marketing assistant | Collaborations |
|---|---|---|---|---|
| Name | X | X | X | X |
| Business address | X | X | X | X |
| Private address | X | X | X |  |
| SIN | X | X | X |  |
| Date of birth | X | X | X |  |
| Private phone | X | X | X | X |
| Business phone | X | X | X | X |
|  | X | X | X | X |
| Website | X | X | X | X |
| Social networks | X |  | X | X |
| NEQ/NE | X | X | X |  |
| GST/QST number | X | X | X |  |
| Employer number | X | X | X |  |
| Specimen check | X | X | X | X |
| Banking access | X | X |  |  |
| Access to various software | X | X |  |  |
| Employee information | X | X | X |  |
PERSONAL INFORMATION GOVERNANCE POLICIES
Several measures are in place to ensure superior security regarding data protection.
Information Collection
A privacy and information collection policy is published on our website to guide the use of data obtained from website usage.
A privacy and information collection policy is included in our service contract to govern the data collected and used in the course of our services.
Retention and Destruction of Information
We retain the data received from clients and website users for as long as necessary.
In the course of our services, if we do not perform services for more than 12 months, we return all information to the client and delete this data from our systems.
Roles and Responsibilities of Company Members
Employees
We may disclose to any member of our organization the user data they reasonably need to achieve the objectives outlined in this policy.
Third Parties
We may share user data with the following third parties:
Professionals with whom we work
We may share user data with third parties for the following purposes:
Responding to your service request
Third parties will not be able to access user data beyond what is reasonably necessary to achieve the given objective.
Other Disclosures
We are committed to not selling or sharing your data with third parties, except in the following cases:
If required by law
If required for any legal proceedings
To prove or protect our legal rights
To buyers or potential buyers of this company in the event we seek to sell the company
If you follow hyperlinks from our site to another site, please note that we are not responsible for and do not have control over their privacy policies and practices.
Complaint Handling Process Regarding Information Protection
If you wish for your information to be deleted or modified in any way, please contact our confidential information protection officer:
Karine Létourneau info@okocreations.ca (450) 625-3630