Coleman Technologies Blog

Here, we’ve put together a list of suggestions for the different kinds of coworker you might have to provide a present for.

The Health-Conscious

Let’s face facts - the desk jobs that are typical of the office aren’t exactly the healthiest ones in the world, so there are plenty of gifts that are intended for the office worker who wants to fight the battle of the bulge.

From numerous standing desk and converter options, to chairs that require active sitting (like those big inflatable balls you sit on) or are specially designed with ergonomics in mind, to elliptical machines that fit under a desk, you have your choice of means to help decrease sedentary behavior in the naturally-sedentary office environment, or at least minimize its impact.

Want to take the more affordable route? Look into posters with yoga positions or rolled up yoga mats that can be stowed away. If your office has an outdoor space, a few outside gifts like frisbees, jump ropes, and hackysacks might be a big hit.

While you may not be able to give your coworker the ability to avoid the snacks in the break room, or the extra cupcakes that Susie from Human Resources brought in from her daughter’s 7th birthday party, you can at least help them fight off their effects.

The Productivity-Minded

We all have that coworker who likes to keep themselves as organized as possible, as the more organized they are, the more productive they can be. There are many gifts that may be perfect for such a person, especially with the new year following so closely behind the holidays. For instance, a personal calendar or planner is a popular tool that many people use, especially those who prefer to find it easier to remember their responsibilities if they record them in analog, rather than digital format.

Alternatively, you might consider getting such a person a means of keeping their space uncluttered and organized, such as an attachable storage shelf for their desk, or a case to help them keep their various peripherals, dongles, and doodads organized and easily portable.

Of course, one of the most common ways to boost productivity is to add an additional display, so you always have the option to invest in any of a variety of products that can accomplish this. There are additional monitors for both desktops and laptops, of course, but there are also docks that can turn a mobile device into an additional, interactive display. Of course, these can be pricier than a gift for a coworker should perhaps be, but there are also options with a much less considerable price tag - like a wireless phone charger or similar device.

The Fidgeter

We all have that coworker who tends to think with their hands - that person who needs something tactile to help organize their thoughts. This is a fairly easy person to buy a gift for, as there are plenty of “desk toys” out there that you can find - fidget spinners, levitating tops, and magnetic balls just being the start.

One word of warning - unless your coworkers are always listening to music while they work, or are exceptionally patient, you will probably want to make sure whatever tchotchke you decide to give someone is minimally disruptive. Otherwise, your gift may result in issues down the line.

Of course, you don’t necessarily need to give gifts that are just for the office. It’s always fun to get a more personalized gift for someone to use in their personal life, as it means that you have really gotten to know your coworkers.

What was the best gift you ever got from an office gift exchange? What would you hope to receive now? Share it in the comments - you never know, someone might see it and give it to you!

1. report to the Office of the Privacy Commissioner (“OPC”) breaches of security safeguards involving personal information under the organization’s control if it is reasonable in the circumstances to believe that the breach of the security safeguard creates a real risk of significant harm to an individual or individuals;
2. notify the affected individuals about those breaches; and
3. keep records of all breaches.

What you might not be aware of is that these data breach obligations apply to your business even if it is your third-party data processor who suffered the actual data breach. Additionally, if your business transfers personal data to a third-party for processing, your business is legally obligated to ensure appropriate contractual terms are place with that third-party to protect the personal data while in the possession of the third-party. 

Do You Use Third-Party Data Processors?

If you have a business, it almost certainly engages third-party service providers to process its data. For example, if your business uses any cloud services, you have engaged a third-party to process your data. Cloud services include things like online data storage, webmail, social networking websites, online business productivity applications, and software-as-a-service offerings. Any time you collect personal information about an individual (e.g. your customers or employees) and store that information in the cloud, you have engaged a third-party to process personal data thereby triggering legal obligations under PIPEDA.

It is important to keep in mind that third-party data processors are not limited just to cloud services providers. Processing does not necessarily require the application of a computer. For the purposes of PIPEDA, processing is better understood as a use of personal information by a third-party service provider where the third-party did not directly collect the personal information from the individual who is the subject of the personal information, but instead received the personal information from the organization (e.g. a business) that directly collected the personal information and obtained consent to use the personal information for the purposes that the third-party is now carrying out on behalf of the organization (i.e. the entity that originally collected the personal information).  Consequently, a third-party data processor could be, for example, a third-party call centre you engage to contact your customers about important product information, a payroll company that provides your business with payroll services,  or an insurance provider that provides group benefits to your employees.

Who Is Responsible In The Event of a Data Breach

It would be reasonable to assume that if your business transfers personal information to a third-party for processing, and that third-party suffers a data breach related to such personal information, the third-party would be legally obligated to comply with the mandatory data breach reporting obligations under PIPEDA; however, this is not the case. It is the outsourcing organization (i.e. the transferor of the data) – and not the third-party service provider – who is responsible for compliance with PIPEDA’s mandatory data breach reporting obligations. This is because the reporting obligation falls upon the organization in control of the personal information, and the OPC has taken the position that it is typically the outsourcing organization, and not the third-party service provider, who has control of the personal information. Consequently, if you engage a third-party service provider to processes personal information that you have collected and that third-party service provider suffers a data breach, you (the outsourcing organization) have the reporting, notification, and record keeping obligations and the corresponding liability under PIPEDA for failure comply with those obligations.

PIPEDA Compliant Contractual Terms

Since PIPEDA holds the customer (i.e. the outsourcing organization) of the third-party data processor liable for data breach reporting, it is crucial that contracts involving third-party data processing expressly address the customer’s rights, and the third-party service provider’s obligations, upon the occurrence of a data breach. Without data breach terms in your contracts, you might not even be notified by your third-party service provider that a data breach has occurred. This lack of notice would obviously undermine your ability to comply with PIPEDA’s data breach reporting, notification, and record keeping requirements. But to make matters worse, failing to have appropriate contractual arrangements with your third-party processors regarding data security and breaches is in and of itself a violation of PIPEDA’s accountability principle, which states:

An organization is responsible for personal information in its possession or custody, including information that has been transferred to a third party for processing. The organization shall use contractual or other means to provide a comparable level of protection while the information is being processed by a third party.

Unfortunately, third-party service provider contracts often completely omit data security and breach terms. This should be of immediate concern to customers of those third-party service providers, since the omission of contractual terms regarding data security and breaches places the customer in contravention of PIPEDA (regardless of whether or not a breach has actually occurred) and exposes the customer to significant risk and uncertainty should their third-party service provider suffer a data breach.

So what contractual arrangements should be implemented? For one, outsourcing organizations should ensure that their third-party service providers are obligated to notify the outsourcing organization of data breaches within the time periods required by PIPEDA. The third-party processors should also be obligated to ensure the notice contains enough information to enable the outsourcing organization to comply with PIPEDA’s mandatory data breach reporting obligations. This means that, at the very least, the notice should contain information concerning:

1. Date and time of breach;
2. Duration of the breach;
3. How the breach was discovered;
4. When the breach was discovered;
5. Type of security safeguard breached or whether breach occurred due to lack of security safeguard;
6. The type of breach;
7. Whether there is evidence of criminal intent or a state sponsored attack;
8. Who may have had access to the personal information;
9. Steps taken to mitigate harms flowing the breach and prevent future breaches;
10. The types of information involved (e.g. financial information, health information, etc.);
11. The number of affected individuals;
12. The names and contact information of the affected individuals; and
13. Other information that would enable the outsourcing organization to determine if the breach creates a real risk of significant harm to an individual.

Outsourcing organization should also contractually obligate third-party processors to:

1. comply with all applicable privacy and data security laws to which they are subject;
2. limit their use of the personal data to specific purposes;
3. not disclose personal data to third parties, subject to certain exceptions;
4. protect personal data from unauthorized access or breach by implementing security safeguards and controls;
5. investigate data breaches and take actions directed by the outsourcing organization to contain the breach; and
6. cooperate with the outsourcing organization in connection with the outsourcing organization’s reporting and notification obligations.

Although a good starting point, the above is not a complete statement of all contractual terms that should be included in agreements with third-party data processors and is of course a simplification of a complex topic. Deciding upon and drafting appropriate data security and breach contract terms requires an analysis of the totality of your circumstances by experienced legal counsel knowledgeable in privacy law. If your business needs assistance with developing PIPEDA-compliant contracts or with planning ahead for data breaches by third-party data processors, contact the author of this blog post, David McHugh, at This email address is being protected from spambots. You need JavaScript enabled to view it. or 604-629-5401.

The above blog post is provided for informational purposes only and has not been tailored to your specific circumstances.  This blog post does not constitute legal advice or other professional advice and may not be relied upon as such.

Original Source: https://segev.ca/legal-obligations-when-outsourcing-data-processing

Here, we’ll go over a few topics that your BYOD rules need to address.

Password Practices and Other Security

It’s hardly a secret that some people utilize lax passwords - especially on their personal devices, where there isn’t an IT department establishing policies to help ensure password strength. According to Pew Research Center, 28 percent of smartphone owners don’t use a screen lock. Obviously, this isn’t something that can be allowed in the business setting.

So, if your employees are going to use their personal devices to access business resources, you need to have a policy that their devices are set to lock after a certain period of inactivity, and require some form of authentication to unlock. Furthermore, the device should further lock down if an incorrect authentication code is input so many times.

Your policy should also include any required security solutions you plan to utilize as part of your mobile monitoring and management toolset. All devices should have antivirus installed, along with mobile device management and unified endpoint management solutions.

Provisioning and Network Security

Provisioning a personal device that is going to be used for company work helps to ensure a few things. Not only does it help to make sure that productivity applications are configured properly, it also helps to boost your security. Furthermore, your network needs to allow your employees’ devices to access the business network - not just a guest network you have set up. Of course, there should be procedures and safeguards in place to ensure that this is done securely.

Tracking, Remote Access, and Data Wiping

Accidents happen, and devices can be lost - and sometimes, stolen. Furthermore, any device that is attached to a company network and has accessed illegal content could possibly leave the company liable - especially if this content was accessed via the company network. Your IT team should have the capability to monitor what websites and content each device included in a BYOD strategy has accessed, as well as to remotely access these devices to help ensure their security should they wind up missing. It also helps if they can implement updates to work solutions and security measures.

If worse comes to worse, it is beneficial to be able to delete all of a device’s data remotely - that way, even if it is stolen, your data won’t be at risk for as long. This also comes in handy if an employee is ever to leave your employ and you want to make sure they no longer have your data (or access to it).

BYOD can offer significant benefits to any organization. To learn more about putting a policy in place at your business, give Coleman Technologies a call at (604) 513-9428.

First, let’s delve into what ITAM actually covers.

Understanding ITAM

Consider all of the internal resources that your business uses, with the exception of your living, breathing employees. Everything that’s left can be considered an asset. ITAM narrows this down further into specifically the assets that pertain to your comprehensive IT infrastructure. This includes:

• Hardware (like workstations, servers, printers, etc.)
• Software (antivirus, productivity titles, etc.)
• Any Peripherals (Keyboards, computer mice, other devices)

With these assets identified, ITAM assists you in tracking their purpose, how they interact, and other crucial details. This means, as you’ve likely realized, ITAM covers a considerable breadth of your resources, which makes it important that you keep it organized.

How ITAM Helps

A well-organized ITAM can help you save time and hassle by streamlining your processes, simply by keeping the data you need in a manageable and accessible record. As a result, you can make a variety of processes easier through improved data. This data can also help inform you of potential issues, or of the minimum requirements you have to meet to implement change.

Making the Most of ITAM

As promised, here are a few ways that you can optimize your use of IT asset management practices.

• Make it a proactive process. Managing your technology assets needs to be something that you start before you are required to do so, and that isn’t abandoned after reaching a certain milestone. This will help keep you prepared for a wider range of circumstances.
  
  
• Leverage automation. While Excel used to be an invaluable tool for asset management purposes, there are better options now that don’t require you to contend with spreadsheets that extend into the thousands of rows. Not only are automated solutions easier to manage, they come with a valuable set of added features to make your work life that much easier.
  
  
• Track your assets. This one especially applies to your software. There is often a difference between what an agreement says can be deployed, and what can be deployed practically. Keeping your agreements and receipts helps you pass audits by proving compliance.

Coleman Technologies can assist you with your IT assets. To learn more, reach out to us at (604) 513-9428.

What is Voice over Internet Protocol?

Traditionally, telephones work by sending electricity through the phone wires and phone lines and having it converted back into sound. Today, they have figured out how to do the same process through the Internet. Sounds are sent as data packets over Internet wires and then they are unpacked to make sounds again. VoIP is the product that has come from this innovation. Basically, where you once had to have an expensive business telephone system hardwired to your place of business, you can now do the same for a fraction of the cost by using your company’s bandwidth to send and receive calls.

How Does VoIP Work to Save Me Money?

VoIP presents several options that work to save your business money. They include:

You’re Paying for One Less Thing

Your business telephone system has worked, but the cost is high. Of course, you’ve needed it, but today, VoIP offers just as much in the way of features as a dedicated telephone system, but it does it through your Internet connection; a service that you almost assuredly have and use regularly. 

VoIP is Easier

Since VoIP is delivered via your Internet connection, your staff no longer needs additional infrastructure--such as a wired connection for every phone--to be able to make calls. You can scale your hosted VoIP solution up and back as you need. What’s more, for many solutions you can utilize your staff’s personal devices as reliable work phones through the use of a mobile app. That’s much easier.

VoIP is More Efficient

Most VoIP solutions enable you to provide them with an auto attendant feature that provides directions to callers. This reduces the time that people need to be on the phone. Clients get connected with the person they are calling, while employees won’t need to deal with their phone ringing and causing interruptions.

There are many other benefits to VoIP solution. If you would like to learn more about implementing VoIP and saving money in the process, reach out to Coleman Technologies at (604) 513-9428!