Privacy protection is our business, so it's no wonder that on a weekly basis our customers ask us questions about the legal and practical considerations of privacy law compliance. If you're looking for similar guidance, these answers will help:
Q: What is PIPEDA?
A: PIPEDA, or the Personal Information Protection of Electronic Documents Act, requires private sector businesses to protect collected personal information. The law gives individuals the right to expect an organization to take appropriate security measures to protect their personal information. “Personal information” includes the following individually-identifiable data:
- Name, age and ID numbers
- Income, ethnic origin and blood type
- Credit, loan and medical records
Individuals may complain to the Office of the Privacy Commissioners of Canada (OPC) if they feel their personal information has been breached. While the OPC can only offer recommendations—not levy fines or sanctions—to organizations following an investigation, individuals can bring a complaint to the Federal Court of Canada where damages may be awarded to the complainant.
Q: Is PIPEDA Canada's only federal privacy law?
A: No, the Federal Privacy Act regulates how the federal government collects, uses and discloses personal information. This the law applies specifically to federal government agencies.
Q: Are there provincial privacy laws that affect my business?
A: Yes. Privacy laws can vary from one province to the next. For example , Quebec has its own Private Sector Act. Whether your business operates exclusively in one province or serves several, it's important to understand which laws apply to you so your business stays legally compliant.
Q: How does the Private Sector Act differ from PIPEDA?
A: The Private Sector Act is substantially similar to PIPEDA. Private sector organizations in possession of personal information have an obligation to prevent unauthorized access to that data.
Q: What's the best way to comply with privacy laws?
A: It's crucial to have a comprehensive strategy to address information management for the entire life cycle of a document. From creation, to storage and destruction of business records and data, the areas to focus on include:
- Document storage security
- Processes for the final disposition of documents and media
- Business continuity and disaster recovery planning
A local records and information provider can implement cost-effective, reliable and compliance driven solutions to help your company keep its private information protected.
If you have other questions about privacy law compliance, please contact us by phone or complete the form on this page. We love answering questions!
Docu-Dépôt provides records and information management services for businesses in Montréal and throughout Québec. For more information, please contact us by phone or complete the form on this page.
HOURS OF OPERATION
Open to the public during the following hours:
Mon-Fri from 8:00-17:00
After 17:00 Dial (514) 271-3223 ext 299 and leave a message. We will contact you within 5 minutes.
© Copyright 2019 Docu-Dépôt. All Rights Reserved.