I'm in a bit of a bind and need some advice regarding a concerning request at my workplace in Canada. My department head has asked me to provide a new external consulting group with unrestricted access to all files in our organization. This group, which we've only recently signed an agreement with, raises several red flags for me. For starters, they operate primarily with out-of-country personnel, which is alarming given that we deal with sensitive personal information, including Social Insurance Numbers, email addresses, physical addresses, banking details, and even medical records. I'm worried that this could result in serious legal implications, especially since our business is a public entity. I was told that this request was sanctioned by the organization's head, but I'm skeptical about the integrity of that approval. I feel that not complying could lead to reprimands, but I also fear the legal fallout if this information is mishandled.
4 Answers
Definitely pass this concern along to your company's legal team. It's critical to involve them before proceeding with any access grants. This situation goes beyond normal IT tasks; it sounds like a significant legal issue that needs proper handling.
If your department head is requesting this, they should have already consulted with HR, Legal, and InfoSec about the implications. I recommend directly voicing your concerns to them and asking if other departments have approved this access, especially given the sensitive nature of the data involved.
That's a huge red flag. If it’s supposed to be confidential but doesn't involve all relevant departments, I’d be very wary.
Just ensure all data is backed up before granting access, and make it clear they don’t have access to those backups. It's crucial to make sure the necessary legal agreements are up to date, but don't hesitate to ask about them.
If you end up facing any potential reprimands, get them documented in writing. Having a record will protect you if things go south—keep that safe just in case.
No one else seems to know about this request, and I've been told to keep it confidential. That makes me even more uneasy about the entire situation.