Understanding the Personal Information Protection and Electronic Documents Act (PIPEDA)
PIPEDA first applied to federally regulated businesses in 2001 and was extended to cover all businesses in 2004. It establishes strict guidelines for how Canadian businesses can handle their data. The law was further augmented in May 2010 by the introduction of Bill C-29, and all private sector businesses are required to uphold the dictates that the Personal Information Protection and Electronic Documents Act outlines.
Within the law, various requirements are outlined for private businesses to follow, provided that no other regional privacy laws enforcing similar or greater standards are already in place. Where such laws exist, they supersede PIPEDA, although PIPEDA comes back into play when data crosses provincial or national borders.
What Does PIPEDA Require of Businesses?
A large part of PIPEDA is summarized in the ten principles that the law establishes:
- Identifying Purpose - PIPEDA requires businesses to inform those whose data is collected of the purpose behind its collection, with new consent acquired for any additional use.
- Consent - All data collected needs to be given with consent, with circumstances dictating if that consent can be implied or expressed.
- Limiting Collection - PIPEDA requires that businesses only collect data that is necessary, maintaining their collection processes to abide by this limit.
- Limiting Use, Disclosure, and Retention - All data collected can only be used to match the conditions it was collected under, and can only be kept long enough to be reviewed by its original owner and to serve its intended purpose.
- Accuracy - PIPEDA requires that a business does its due diligence to maintain complete and accurate records.
- Safeguards - For a business to be compliant with PIPEDA, its data needs to be protected from theft, access, or modification from the time it is collected to the time it is deleted.
- Openness - PIPEDA requires that a business share its collection policies, as well as the contact information for the person responsible for managing them.
- Individual Access - PIPEDA also grants individuals the right to access and review the information you have stored on them.
- Challenging Compliance - PIPEDA also establishes that an organization needs to enable individuals to question the organization’s compliance with the person responsible for maintaining it.
You Need to Be Sure that Your Business is Compliant with PIPEDA
With substantial fines imposed on businesses that fail to comply with PIPEDA, it is truly in your business’ best interest to uphold these requirements. Coleman Technologies can help you do so with our assortment of cybersecurity and data protection services. Don’t wait until an issue presents itself to take action! Give us a call at (604) 513-9428 today to ensure your data is safe and your compliance is attended to.