The Personal Information Protection and Electronic Documents Act (PIPEDA) is a federal law, enacted in 2000, which establishes rules for how private organizations may collect, use and disclose personal information in the course of their commercial activities. Under the law, organizations must:
- Have clear, understandable, and readily available personal information policies
- Obtain consent when collecting, using and disclosing personal information
- Collect information by fair and lawful means
On June 18, 2015, the Parliament of Canada passed the Digital Privacy Act (Senate Bill S-4), which amends PIPEDA. Here we’ve highlighted the two changes to PIPEDA most likely to affect your business and what you can do to ensure compliance.
1. Data breach notification
Perhaps the most substantive change to PIPEDA is the amendment that, in the event of an information breach, requires organizations to notify both the Privacy Commissioner of Canada and the individual affected, “if it is reasonable in the circumstances to believe the breach creates a real risk of significant harm” to the individual. Failure to report data breaches may result in a fine of up to $100,000 for your company.
2. Privacy breach record keeping
The new PIPEDA amendments also require organizations to maintain a record of all breaches of personal information. All privacy breach records must be made available to the Office of the Privacy Commissioner of Canada upon request. As a result, all hard copy and digital data related to breaches of personal information must be retained indefinitely. Knowing non-compliance is a criminal offense.
While neither the data breach notification nor the record keeping requirement is yet in effect, it’s wise to prepare your organization for future compliance. Now is the time to review information security best practices with your staff.
Paper records: These should be stored in a secure, off-site records centre to prevent unauthorized access. A professional records storage provider offers assurance that your documents and files are protected by the following systems:
- 24/7 security surveillance
- Barcode tracking
- Access control and security monitoring technology
Electronic media: Data tapes should also be stored off-site in a vault designed specifically for the protection and preservation of electronic media. Proper data storage, combined with media rotation, safeguards your digital information from unauthorized access.
Document destruction: Within your office, it’s important to securely dispose of outdated paperwork on a daily basis. Professional paper shredding services place secure collection containers in your facility to encourage secure and responsible disposal of sensitive documents. Files can be dropped into a collection container in a fraction of the time it takes to use a paper shredding machine. All material is destroyed beyond recognition according to National Association of Information Destruction (NAID) AAA requirements.
With the right records and information management solution to help, your organization can meet all PIPEDA requirements.
Docu-Dépôt offers records and information management services for businesses in Montréal and throughout Québec. For more information, please contact us by phone or complete the form on this page.
© Copyright 2018 Docu-Dépôt. All Rights Reserved.