Correctly managing your internal documentation is important, not just for your company's own records, but also for the government. Even if you have been engaging in proper records management practices under the law for decades, you won't be following the law if you do the same things this year that you have been doing for years. This is due to the fact that government legislation can cause governmental requirements to quickly change. Canada, specifically, has made some huge changes in its records management legislation in recent years. To make sure that your records management practices are on point for the near future, we are going to discuss seven ways that records management legislation is changing.
The Code of Practice for Protection of Personally Identifiable Information (PIPEDA)
You must destroy certain documentation that identifies your employees
In order to protect individual people's privacy from data breaches, the PIPEDA now requires that your company reduce liability by either destroying or making anonymous any personal data not necessary for identification purposes. This includes both digital and physical records.
The Personal Information Protection and Electronic Documents Act
Cloud servers are required by law to work harder to protect customer data
The cloud is quickly rising as one of the best ways to store your data for both the long and short-term. That being said, this means that you will be relying on someone else to protect your data. In the case of a good cloud server, this is not a bad thing, since they will have stauncher data security than your company can muster on its own. That being said, they were able to use some customer information for "secondary" purposes. The law now explicitly forbids this (meaning companies can no longer purchase your company's information or that of your employees for advertising purposes).
The Completion Act
The Competition Bureau has established guidelines for submitting images to the government that requires it to be single page images with at least 300 dpi; the format must be either .jpg or .tif.
You can't provide the government partial records
In some cases, the only way to get a clear picture of the information provided by a file is to see other files that relate to it. Without all of these relevant files, the primary file's purpose may become obscured. In order to preserve this parent/child relationship between multiple files, all records must be submitted in full.
Don't provide encrypted documents
As you can imagine, the government does not want to sift through password protected files. As such, the Completion Bureau requires that all documents are submitted without any password protection or encryption.
Copyright Modernization Act
Virtual private network (VPN) hosts have to keep records for at least six months
In order to preserve the access to digital records, especially ones that could be useful in legal matters, the 2012 Copyright Modernization act requires all VPN hosts to retain their records of activity logs for at least six months. While this may not directly affect how your company manages its records, you should be aware of this in case your team uses VPNs.
Fair Use rules still apply
As long as a copyrighted file is not protected by any digital locks, fragments of it can be freely used for parodies, satire and education.
Now that you know, you can adapt
It is important that you prepare your organization's record keeping practices with the latest records management legislation. This will save your company a great deal of confusion, headaches and legal trouble in the long run.