{"id":138,"date":"2016-11-01T20:36:48","date_gmt":"2016-11-02T01:36:48","guid":{"rendered":"http:\/\/npsa.parentreprise.com\/?p=138"},"modified":"2017-01-22T08:24:44","modified_gmt":"2017-01-22T13:24:44","slug":"2016-11-regulatory-compliance","status":"publish","type":"post","link":"https:\/\/kwnpsa.ca\/index.php\/2016\/11\/01\/2016-11-regulatory-compliance\/","title":{"rendered":"2016-11:   Regulatory Compliance"},"content":{"rendered":"<p><strong>Location:<\/strong>\u00a0 The Working Centre 58 Queen Street South, Kitchener, ON (plan)<br \/>\n<strong>Date:<\/strong> November 14th, 2016<br \/>\n<strong>Time:<\/strong> 7:00 PM<\/p>\n<p>Many non-profit organizations are involved in government-regulated services such as health care, employment acquisition and training. Other activities require adherence to other laws, such as building codes. How do you keep track of all the regulations that you need to follow?<\/p>\n<p>How do you store compliance documents such as sign-offs, NDAs, and contacts?<br \/>\nWhat do you use for secure document storage and transmission?<br \/>\nHow do the SysAdmins get along with the Lawyers?<br \/>\nWhen is encryption required? What do you encrypt and when?<\/p>\n<p>=====<\/p>\n<p><em>Thanks to Martin Edmonds for moderating this month.<\/em><\/p>\n<p>Points raised:<br \/>\n\u2022 Must consider retention and retention periods of email and other documents (almost any document can be considered a legal document)<br \/>\n\u2022 In addition to govt regulations, must consider industry practices &amp; standards<br \/>\n\u2022 Following of the Ont. 
Non-Profit Corporations Act (ONCA)<br \/>\n\u2022 Maintenance of email lists:<br \/>\no use double opt-in<br \/>\no use email lists only for stated purpose<br \/>\no offer mechanism for requesting to be removed<br \/>\n\u2022 On website for incorporated organization (In Europe, but not yet in North America)<br \/>\no need to specify if cookies will be saved<br \/>\no need to specify physical address (required in Europe)<br \/>\n\u2022 Considered a member of a non-profit (in some cases, even attending an event can constitute you as a member)<br \/>\n\u2022 Adherence to copyright laws when photocopying<br \/>\n\u2022 What responsibilities does the organization have when providing internet access to the public<br \/>\n\u2022 Audits from organizations that grant non-profit status or organizations that provide grants<br \/>\n\u2022 Software audits (e.g. Microsoft ensuring license adherence)<br \/>\n\u2022 Need to be very careful about mailing lists and keeping them up to date to prevent mails to the wrong person<\/p>\n<p>How do you store compliance documents such as sign-offs, NDAs, and contacts? What do you use for secure document storage and transmission?<br \/>\n\u2022 Lotus Notes used to route a document and get sign-offs along the way<br \/>\n\u2022 Block chain systems (discuss further in future meeting)<br \/>\n\u2022 Electronic forms on secure file server or encrypted device<br \/>\n\u2022 Encrypted data.<br \/>\no TrueCrypt<br \/>\n\u25aa There are some known vulnerabilities in the Windows version.<br \/>\n\u25aa VeraCrypt is a fork of TrueCrypt.<br \/>\no LUKS container<br \/>\no Offsite (using send command)<br \/>\no ZFS (a file system)<br \/>\n\u2022 Indicate on top of email who is the intended audience of email. Legal disclaimer on the footer telling you not to read an email if it does not pertain to you.<br \/>\n\u2022 Encrypted email systems e.g. Enigmail (a Thunderbird plug-in)<br \/>\n\u2022 Online service to encrypt mail e.g. 
Proton Mail, and Tutanota<br \/>\n\u2022 Signal, Telegraph, and WhatsApp for encrypting instant messages<\/p>\n<p>** Potential topics for future meetings<br \/>\n\u2022 Block chain systems<br \/>\no Book: London Review of Books had two stories by the same author Andrew O\u2019Hagen<br \/>\no Ethereum (a programming environment built on top of Block Chain)<br \/>\n\u2022 Accessibility rules<br \/>\n\u2022 Document storage formats (ODS, etc.) could be combined with document management systems<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Location:\u00a0 The Working Centre 58 Queen Street South, Kitchener, ON (plan) Date: November 14th, 2016 Time: 7:00 PM Many non-profit organizations are involved in government-regulated services such as health care, employment acquisition and training. Other activities require adherence to other &hellip; <a href=\"https:\/\/kwnpsa.ca\/index.php\/2016\/11\/01\/2016-11-regulatory-compliance\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14,29,30],"tags":[],"class_list":["post-138","post","type-post","status-publish","format-standard","hentry","category-pastmeetings","category-regulatory-compliance","category-security"],"_links":{"self":[{"href":"https:\/\/kwnpsa.ca\/index.php\/wp-json\/wp\/v2\/posts\/138","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kwnpsa.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kwnpsa.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kwnpsa.ca\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kwnpsa.ca\/index.php\/wp-json\/wp\/v2\/comments?post=138"}],"version-history":[{"count":3,"href":"https:\/\/kwnpsa.ca\/index.php\/wp-json\/wp\/v2\/posts\/138\/revisions"}],"predecessor-ve
rsion":[{"id":149,"href":"https:\/\/kwnpsa.ca\/index.php\/wp-json\/wp\/v2\/posts\/138\/revisions\/149"}],"wp:attachment":[{"href":"https:\/\/kwnpsa.ca\/index.php\/wp-json\/wp\/v2\/media?parent=138"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kwnpsa.ca\/index.php\/wp-json\/wp\/v2\/categories?post=138"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kwnpsa.ca\/index.php\/wp-json\/wp\/v2\/tags?post=138"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}