How well do you really understand the unique laws that govern policies and transactions in your field of work?
Understanding compliance is critical, and our team works hard to ensure that our clients acknowledge and understand how they’re impacted. Have you heard of PIPEDA?
The Personal Information Protection and Electronic Documents Act (PIPEDA) governs how private sector organizations collect, use, and disclose personal information in the course of commercial activities. It’s a Canadian law designed to keep citizens protected by ensuring data privacy.
The law gives individuals the right to access and request correction of any personal information that an organization may have collected about them.
What Does It Mean for You?
There are some exceptions to who is governed by PIPEDA. Generally, it applies to organizations’ commercial activities in all provinces. However, organizations that collect, use, or disclose personal information within provinces that have their own privacy laws are exempt. Even in those cases, the provincial laws are substantially similar to PIPEDA.
Generally, these laws govern:
- What personal information can be collected from individuals
- When consent is required to collect personal information and how that consent must be obtained
- What notice must be provided before personal information is collected
- The purposes for which personal information may be collected, used or disclosed by the organization
- How an individual may obtain access to and request correction of his or her personal information held by the organization
New revisions to this law also require that any data breach or loss of personal information be reported. Under these amendments, an organization must:
- Notify any individual whose personal information is compromised by a breach and provide any steps the individual can take to protect themselves.
- Notify any other organization or government institution if doing so might mitigate the harm caused by the breach, as soon as possible.
- Maintain records of every breach involving personal information that is under the organization’s control.
Non-compliance can result in fines of up to $100,000 per offence. It is critical that your business understands these guidelines and how they directly impact your activities and business transactions.
To learn more, reach out to PACE Technical Services – our team understands the unique compliance needs that affect your operations and we’re eager to ensure you’re always working in line with these regulations. Contact us at firstname.lastname@example.org or 905.763.7896 Ext. 214.