Ground Labs | 3/25/2021
PIPEDA, or the Personal Information Protection and Electronic Documents Act, is a Canadian privacy law that governs how private sector organizations collect, use, and disclose personal information in order to carry out their business. In general, organizations covered by PIPEDA need to obtain an individual’s consent when they collect, use, or disclose that individual’s personal information (PI). That same individual can also challenge the accuracy of the information.
PIPEDA compliance requires a deep understanding of the 10 fair information principles. While we will dive into these principles in greater detail, the overall theme is that individuals:
Categories of data considered personal information under PIPEDA include:
PIPEDA applies to the following:
What is a commercial activity? The PIPEDA legislative definition is:
“Any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists.”
Essentially, it is the activity in which you are using the information that needs to be commercial, not the information itself.
You are exempted from PIPEDA compliance if you are any of the following:
Additionally, the exemption can depend on where you’re handling the personal information. You may be exempt from PIPEDA if your province has its own privacy legislation.
Lastly, an individual may be exempt from PIPEDA if they collect personal information solely for personal purposes, for example collecting email addresses to send out thank-you letters. An organization is exempt from PIPEDA if it collects personal information for “journalistic, artistic, or literary purposes.”
There are several steps that need to be followed in order to ensure PIPEDA compliance. This includes:
Receiving an individual’s consent before handling information. This consent needs to be explicit and if you decide to use the information for a purpose different than first intended, you need to receive consent again.
Allowing the individual to see any personal information you have about them if they ask. You must also correct any information if they claim it is inaccurate.
Sufficiently safeguarding the information against being used for any purpose without consent or falling into someone else’s hands. You must also ensure the individual is aware of these safeguards in place.
In order to ensure your company is PIPEDA compliant we recommend following this checklist accordingly:
Companies are facing immense challenges in obeying compliance laws like PIPEDA while still leveraging data legally to boost business growth. It’s impossible for businesses to obey PIPEDA requirements and ensure compliance without precise data discovery.
Data discovery provides solutions to questions like:
By incorporating data discovery tools, your company can quickly and proactively locate, track, and trace data, whether it’s stored on servers, desktops, in email and databases, on prem, and in the cloud.
The best current data discovery tools will also keep your company PIPEDA compliant and prepared for future compliance regulations. Compliance software has built-in intelligence that accounts for regulations like PIPEDA, ensures that you always know where your data resides, and automates the work of identifying personal and sensitive data exposed in a breach.
PIPEDA grants consumers the right to:
There are a number of outcomes that can occur if there is an alleged breach.
Here are some of the most common:
Non-compliance fines can be up to $100,000 for companies that don’t meet PIPEDA requirements.
Guarantee your PIPEDA data protection by contacting Ground Labs, a data solutions company entirely devoted to helping organizations fulfill compliance standards. Discovering,
As companies all around the world continue to have large portions of their workforce remote, the need to keep their data safe and protected is even more critical. To help companies navigate this new reality and mitigate security risks, we are providing a 90-day complimentary version of our flagship solution, Enterprise Recon. Learn more about it here.