Feb 2, 2004
Personal Information Protection and Electronic Documents Act ("PIPEDA")
By: Jonathan Zepp
2004 ASSESSMENT APPEAL DEADLINE
Commencing January 1, 2004, the federal Personal Information Protection and Electronic Documents Act ("PIPEDA") applies to organizations that collect, use, and disclose personal information and personal health information, in Canada, in the course of commercial activities. PIPEDA may eventually be replaced by provincial legislation which is substantially similar, but which is more detailed and addresses specific issues that are within provincial jurisdiction.
Organizations must assess their current practices with respect to the collection, use and disclosure of personal information about customers, and review and revise their customer agreements and related documents and policies in order to comply with the detailed privacy protection standards the legislation contains.
It is important to note that PIPEDA will not apply to businesses in relation to their employees unless they are federal works or undertakings. However, with the likely prospect of provincial privacy legislation applying to employee information, many businesses are developing privacy compliance programs that relate to both their customers and employees.
The following is a summary of the steps that must be taken in order to comply with PIPEDA.
1. Comply with all of the following 10 principles of PIPEDA:
- Identifying purposes
- Limiting collection
- Limiting use, disclosure, and retention
- Individual access
- Challenging compliance
2. Appoint an individual (or individuals) to be responsible for your organization's compliance (a “Privacy Officer”).
3. Protect all personal information held by your organization or transferred to a third party for processing.
4. Develop and implement personal information policies and practices.
For the complete article view the document below.