I'm looking for advice on a concerning situation at my workplace in Canada. The head of my department has requested that I give a newly contracted external consulting group full read access to all of our files. This raises significant alarm bells for me, especially since the consultancy seems to operate mainly out of the country. Our company is public, so the data includes sensitive information such as SIN numbers, banking details, and even medical records of both employees and the public. I've been told this access has been approved by higher management, but I have serious doubts about the honesty of that approval. I can't shake the feeling that this could have legal consequences, particularly under MFIPPA, and I want to be cautious before proceeding.
1 Answer
It's definitely wise to involve your company's legal team in this situation. They need to be aware of the potential risks you're facing. It may also be crucial to notify higher management about your concerns with this request and the possibility of a serious data breach. It's not just an IT issue; this could have legal ramifications if sensitive data is mishandled. Better to be safe and ensure everything is documented.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures