|
|
EDITORIAL
Information Privacy
Isn't it just a little disturbing to think of how much of your personal
information is sitting out there in cyber space? Social insurance number,
financial records, health records, credit card numbers, internet sites
visited, travel history, buying habits, driving record, shoe size. Even more
disturbing is, that up until this year, we had no enforceable law to govern
the collection, use and disclosure of that personal information. Ever wonder
why all those credit card companies want you to use their cards? Why you are
constantly invited to free skiing vacations? Why your mail includes letters
from weight loss clinics? They know who you are.
On January 1, 2004 the protection of individual information moved a large
step forward as Canada enacted the Personal Information Protection and
Electronic Documents Act (PIPEDA). This legislation has been in affect for
government institutions and federally incorporated companies since 2001. Of
interest to our clients is that it is now applicable to all private sector
commercial enterprises. That is correct; all private sector commercial
enterprises.
While you may not think your business possesses any revealing personal
information, you might want to give this a little more consideration. Do you
take credit or debit cards? Do you have employees? Do you have customer
names and addresses? Do you email your customers? Do you have customer phone
numbers? All of this is personal information used in the course of a
commercial activity, and all of it is subject to PIPEDA.
Compliance with PIPEDA can be fairly involved, depending on the size and
type of business you operate. You will require a designated individual who
will be your business's Privacy Officer. This individual must be trained as
he or she will be accountable for the organization's compliance with PIPEDA.
After you have determined precisely what personal information you do
collect, use and disclose you must develop written privacy policies along
with procedures to ensure your business is adhering to those policies. You
will need consent from your customers, employees and other individuals for
the collection, use and disclosure of personal information. While some use
of personal data is implied by the nature of the service, it will always be
best to obtain informed and express consent.
The Privacy Commissioner of Canada is charged with overseeing this
legislation. While the PCC has no authority to fine or lay criminal charges
it may refer third party complaints to Federal Court along with a
recommendation for monetary damages. The PCC also has the ability to make
public those organizations in violation of the Act. While this may, at first
glance, seem to be toothless, the damage to a business's reputation can be
devastating. Would you deal with a business that does not protect your
personal information?
Protection of personal information is very important to your customers, and
ours. Although PIPEDA has only now legislated information protection, it has
always been a critical part of our business practices at VMSW. We are
required by the Institute of Chartered Accountants of Ontario to guard our
client's personal information, and our own business values reinforce that
requirement. Garry Honcoop is our designated Privacy Officer. We are in the
process of developing our written privacy policies as the Act requires. We
will provide these policies to our clients in due course.
People Management Group, the human resources consultants within our
Integrated Business Professionals alliance, has been conducting workshops on
the Human Resources implications of PIPEDA for a number of our clients. We
would be pleased to refer you to PMG if you wish to participate in future
PIPEDA workshops.
Brent VanParys
 Back to
Top
 Back to Resources Page
|
|
|
