Most organizations are dependent upon their information and business systems, leaving them exposed to critical loss in the aftermath of a security breach. Fortunately, by implementing an information security management system ("ISMS"), as outlined in the only internationally accepted standard/code to address information security, a business can significantly reduce the risk of a security breach.

When privacy threats are on the rise, and identity theft is the fastest-growing crime, your privacy documentation should clearly demonstrate your commitment to information protection. Putting well-designed privacy policies and procedures in place is not just good risk management; it empowers you to create a trusting relationship with your customers, and guides your employees on how to handle information.

As on-line and off-line consumers, we are constantly prompted to disclose our personal information to organizations. But with each disclosure comes the risk that one's information will be mismanaged, accessed without authorization or stolen. In fact, it is estimated, that about one in 10 Canadians has been a victim of identity theft.

As personal information becomes an increasingly valuable asset, it is important for individuals to take their privacy seriously.

Before an organization can truly dedicate itself to the principles of privacy protection, it needs to take stock of its personal information holdings and the procedures it currently has in place. And in order to move forward on this road to privacy compliance, an organization needs to ask three basic questions: What type of personal information do we hold, where is it stored and how is it managed?

Enter the privacy audit.