The Personal Information Protection and Electronic Documents Act (PIPEDA) is the Canadian federal privacy legislation currently in place. Unless a province has developed its own privacy act, it is automatically governed by PIPEDA. Privacy legislation can be compared to the Employment Standards Act in that a Company with multiple offices across the country needs to be aware of provincial differences. At this time, Quebec, Alberta and British Columbia are the only provinces with their own privacy legislation.
Collecting private information is different from collecting and using business information. For instance, conducting a survey for marketing purposes is fine if the information being collected is for business-to-business use and not business-to-consumer or employee use. An example of business-to-business use would be collecting an individual’s business email or mailing address.
A retailer asking for personal information prior to conducting a cash transaction would be business-to-consumer use.
Principles of Privacy Legislation
1. Accountability: An individual or individuals must be designated as accountable for the organization’s compliance with privacy legislation.
2. Identifying purposes: The purpose for collecting private information needs to be clear. For example, “We need this information to be able to contact someone in the case of an emergency”.
3. Consent: The knowledge and consent of the individual are required for information collection.
4. Limiting Collection: Collection of information is limited to that which is necessary to carry out the purposes identified by the Company. For example, you can’t ask for an individual’s waist measurement as an “add on” question if the information is not relevant to the purpose of collection.
5. Limited Use, Disclosure, Retention:
- Personal information will only be used for the purpose originally communicated.
- Personal information will not be disclosed to others.
- Personal information is only retained for the period of time necessary for fulfillment of those purposes.
6. Accuracy: Keep information up to date and accurate.
7. Safeguards: Keep the information safe. More sensitive material requires stronger
8. Openness: The Company needs to communicate its policies and practices relating to managing personal information.
9. Individual Access: An individual has the right to ask to be informed of the existence, use, and disclosure of his/her personal information. This means that any individual has the right to see his or her files and ask what we have used the information for.
10. Challenging Compliance: An individual has the right to address a challenge concerning compliance with the above principles to the Office Administrator.