ACCESS TO INFORMATION POLICY
The purpose of this policy is to ensure our organization’s compliance with Quebec law on the protection of personal information in the private sector. It aims to limit access to certain documents and files containing personal information, whether physical or electronic.
This policy applies to all employees, contractors, suppliers and any other person with access to our premises or information systems.
Personal information: any information concerning a person that allows them to be identified.
Authorized access: access granted to an individual to enable them to carry out their professional functions.
Access to personal information
Access to personal information is strictly limited to those individuals who need the information to perform their professional functions. These include human resources employees, customer account managers and information security managers.
Physical access control
Physical files containing personal information are kept in locked cabinets. Only authorized employees will have the key or access code to these cabinets. Keys and access codes will be managed by the information security manager.
Electronic access control
Access to electronically stored personal information will be controlled by unique and secure passwords. Authorized employees will be assigned a unique username and password to access this information. Passwords must be changed every three months and cannot be reused.
Audit and monitoring
Regular audits will be carried out to ensure that only authorized individuals have access to personal information. Any suspicious activity will be immediately reported to the Information Security Officer.
All employees will receive training on this access to information policy and how to protect personal information. This training will be provided upon hire and will be repeated each year.
Any violation of this policy may result in disciplinary action, including termination. Employees are required to report any violations of this policy to the Information Security Officer.
This policy will be reviewed annually to ensure that it remains compliant with Quebec legislation and meets the needs of our organization.
The information security manager is responsible for implementing and monitoring this policy. All employees are responsible for complying with this policy.
Responsible of IT department
Responsible of human resources
Responsible of truck drivers