Data Governance Policy
Introduction
WeighPack Systems Inc., hereafter referred to as “the Company” recognizes the importance of data governance in achieving its objectives and fulfilling its obligations. This policy outlines the principles and practices that govern the collection, use, storage, sharing, and disposal of data within the Company.
Scope
This policy applies to all employees, contractors, and third-party vendors who collect, use, store, share, or dispose of data on behalf of the Company, as well as to all data assets owned or managed by the Company, regardless of format or location.
Principles
The following principles guide the Company’s data governance practices:
- Data shall be collected, used, and shared in a lawful, ethical, and transparent manner, and in compliance with all applicable laws, regulations, and industry standards.
- Data shall be accurate, complete, and up-to-date, and shall be regularly reviewed, validated, and corrected as necessary.
- Data shall be appropriately secured, protected, and backed up to ensure its confidentiality, integrity, and availability.
- Data shall be accessed, used, and shared only on a need-to-know basis and in accordance with the Company’s access control policies and procedures.
- Data shall be disposed of in a timely, secure, and environmentally responsible manner in accordance with the Company’s data retention and disposal policies and procedures.
Roles and Responsibilities
The following roles and responsibilities are established to support the Company’s data governance practices:
- The Data Protection Committee (DPC) shall be responsible for developing, implementing, and monitoring the Company’s data governance framework, policies, and procedures, and for ensuring that all employees, contractors, and third-party vendors are aware of and comply with them.
- Data owners shall be responsible for providing clearly documented records pertaining to the scope of use for data they own, establishing appropriate access control policies and procedures, and ensuring the accuracy, completeness, and quality of their data.
- Data custodians shall be responsible for managing the storage, protection, and backup of the data they are entrusted with, in accordance with the Company’s data security and backup policies and procedures.
- Data custodians will also be responsible for the identification and disposal of transient records when they are no longer required.
- Data users shall be responsible for using the data they are authorized to access in a lawful, ethical, and responsible manner, and for reporting any data inaccuracies, discrepancies, or security incidents to their supervisors or the DPC.
- Third-party vendors shall be required to comply with the Company’s data governance policies and procedures and to provide appropriate assurances of their compliance.
Compliance and Audit
The Company shall establish a process for monitoring, enforcing, and reporting on compliance with this policy and its associated procedures. The DPC shall be responsible for conducting periodic audits of the Company’s data governance practices to assess their effectiveness, identify gaps and risks, and recommend corrective actions as necessary.
Training and Awareness
The Company shall provide training and awareness programs to all employees, contractors, and third-party vendors to ensure their understanding and compliance with this policy and its associated procedures.
Review and Revision
This policy shall be reviewed and revised periodically, or as needed, to ensure its continued relevance, effectiveness, and compliance with applicable laws, regulations, and industry standards.
Enforcement
Violations of this policy may result in disciplinary action, up to and including termination of employment or contract, and may also lead to civil or criminal liability.
Effective Date
This policy shall become effective as of November 15, 2023, the date of its approval by the Company’s management via its DPC.
COOKIE POLICY
To enhance your experience on our sites, many of our web pages use “cookies”. Cookies are small text files that we place in your computer’s browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personal information unless you choose to provide this information to us by, for example, registering at one of our sites. Once you choose to provide a web page with personal information, this information may be linked to the data stored in the cookie. A cookie is like an identification card. It is unique to your computer and can only be read by the server that gave it to you.