WaterlooSecurity

• Canadian Privacy Laws

Canadian Privacy Laws

Did you know . . .

Legislation such as the Personal Information Protection and Electronic Documents Act (PIPEDA) and related Provincial statues require Canadian companies to establish a privacy policy. In fact, as of 2004, all organizations that collect personal information are obligated to take steps which ensure its integrity. In the case of electronic records, appropriate safeguards include the use of encryption and network fortification.

Situations where private information becomes exposed can prove costly for any company. The reporting process, such as the joint Ontario-British Columbia framework, establishes an important but frustrating procedure. Aside from time and money, disclosing a security breach can threaten an organization’s relationship with customers (not to mention its general reputation.)

Furthermore, PIPEDA empowers the Privacy Commissioner to initiate security audits and even litigation against non-compliant corporations. This can present a particular problem for smaller organizations that do not have well developed security policies and procedures. Whereas big-businesses can typically draw upon existing in-house legal and IT security departments, a company of a dozen employees may benefit from outside support.

WaterlooSecurity can assist small and medium-size businesses in meeting their privacy obligations, and by extension, their IT requirements.

For more information, consult the following:

http://www.privcom.gc.ca/information/guide_e.asp
(PIPEDA guide for business)

http://www.privcom.gc.ca/legislation/02_06_01_01_e.asp
(PIPEDA--full statute)

http://www.privcom.gc.ca/information/guide/2007/gl_070801_02_e.pdf
(Breach reporting process)