BY Stephen Cavey | 20/07/2020
In this day and age, where computer and electronic usage are constant, and the disclosure of personal information is the norm, it seems like every country has begun to make data privacy a greater priority. While many data privacy laws have been enacted recently – Europe’s GDPR of 2018, Brazil’s LGPD of 2020, and California’s Consumer Privacy Act (CCPA) of 2020 – there is one country that has been at the forefront of privacy rights since as early as 1983 – Canada.
There are a number of laws in Canada that relate to the privacy rights of its individuals, the two most well-known being The Privacy Act of 1983 and the Personal Information Protection and Electronic Documents Act (PIPEDA).
The Privacy Act is a law that sets out your privacy rights in relation to the interactions you have with the federal government – and how they collect, use, and disclose your personal information. Not only does the Privacy Act ensure that your personal information is being protected, but it gives you the right to request access to the information they have about you. About a decade later, conversation began moving beyond just data privacy in relation to the federal government. Organizations, corporations, and their customers began voicing concerns about how personal information was being collected and protected. Enter PIPEDA.
Succeeding the Privacy Act of 1983, The Parliament of Canada enacted The Personal Information Protection Electronic Documents Act, better known as PIPEDA. The goal of this act is to balance the rights of privacy of individuals and their sensitive personal data while taking into account the need of organizations to collect, use, or disclose personal information in order to carry out their business.
As of May 2019, organizations with obligations who have to comply with PIPEDA must always obtain an individual’s consent when they collect, use, or disclose that individual’s personal information. Individuals also have the right to access their personal information upon request, challenge its accuracy, or request that it be updated.
Lastly, personal information can only be used for the purpose in which it was collected. In the case that an organization wants to use it for another purpose, consent must be obtained again. It is also expected that organizations have safeguards or tools put in place to protect this sensitive information.
Businesses who are subject to PIPEDA are asked to follow what is referred to as the 10 fair information principles which are as follows:
Generally, PIPEDA applies to private sector organizations that are not federally regulated and conduct business in:
PIPEDA also applies to commercial organizations that use or disclose personal information in the course of commercial activity. Federally-regulated businesses such as airlines, banks, and telecommunications also are subject to PIPEDA.
Organizations that are exempted, include not-for-profit organization, political party, educational institution, or hospital, as long as they don’t partake in commercial activities, are exempt. For example, an organization that does fundraising and compiling lists of donors and members for the sole purpose of communication.
Failure to maintain compliance under PIPEDA can lead to hefty fines, loss of trust from your customers, and risking the integrity of your business. While the process of ensuring compliance and following each of the 10 fair information principles can seem daunting, it’s important to take the process one step at a time. And that begins with having awareness of where your organization’s personal data resides.
The best way to achieve this is with Ground Labs’ data discovery solution, Enterprise Recon. Ground Labs makes finding and remediating sensitive data simple and allows your organization to start the process of maintaining PIPEDA on the right foot. Powered by GLASS™ technology, Enterprise Recon enables the quickest and most accurate data discovery across the broadest range of platforms – ensuring that you always know where your data resides and that your Canadian business can continue to flourish and keep personal and sensitive data secure.
Ready to learn more about how to maintain PIPEDA compliance with Enterprise Recon? Schedule a demo today.
Share this article!
Want to keep up with all our blog posts? Subscribe to our newsletter!
As companies all around the world continue have large portions of their workforce remote, the need to keep their data safe and protected is even more critical. To help companies navigate this new reality and mitigate security risks, we are providing a 90-day complimentary version of our flagship solution—Enterprise Recon. Learn more about it here.