As of January 1st 2004, all Ontario businesses must be in compliance with the new Federal Privacy Laws. There will be no grace period to avoid hefty fines, ensure your company is in full compliance with the Act. Find out what administrative changes you’ll need to make and what procedures you’ll have to implement.
In Canada, we are protected by two federal privacy laws. The Privacy Act covers the personal information-handling practices of the federal government and the Personal Information Protection and Electronic Documents Act (PIPEDA) is Canada's new private sector privacy law, which came fully into effect on January 1, 2004.
Personal Information Protection and Electronic Documents Act (PIPEDA)
PIPEDA sets out ground rules for how private sector organizations can collect, use or disclose personal information in the course of commercial activities. It balances an individual's right to privacy with the need of organizations to collect, use or disclose personal information for legitimate business purposes. The basic outline of PIPEDA looks like this:
- If your business wants to collect, use or disclose personal information about people, you need their consent, except in a few specific and limited circumstances.
- You can use or disclose people's personal information only for the purpose for which they gave consent.
- Even with consent, you have to limit collection, use and disclosure to purposes that a reasonable person would consider appropriate under the circumstances.
- Individuals have a right to see the personal information that your business holds about them, and to correct any inaccuracies.
- There's oversight, through the Privacy Commissioner of Canada, to ensure that the law is respected, and redress if people's rights are violated.