Canadian Privacy Laws: Are You Approaching Them Right?
Is your organization approaching Data Security and Personal Information the correct way?
This is a key question to ask, because in too many situations, the answer is: “Probably not.” I’ve talked to several people who seem to think that Privacy Laws like PIPA and PIPEDA don’t apply to them, or that the Anti-Spam Regulations are not pertinent. The reasons I’ve heard are anything from “We’re not a government institution” to “That’s not for our industry.”
Now, depending on the nature of the organization you are talking about, it’s true that there are different sets of rules and laws you can apply. So, I thought that what I would do in this newsletter is to attempt a simple explanation of a few misconceptions.
Canada has a set of Federal Privacy laws called PIPEDA (Personal Information Protection & Electronic Documents Act). In Alberta, we don’t need to worry about this, as we have laws that build on and override those rules, called PIPA (Personal Information Protection Act).
PIPA and PIPEDA are laws that govern the collection and protection of PII (Personally Identifiable Information). This means there is no limit on which industries and organizations they apply to. Any outfit that collects PII on citizens of Canada has the rules for PIPEDA applied to that data (for citizens of Alberta, it’s PIPA). Even organizations not based in Canada need to follow those rules.
For many organizations, the only data they will have that fits such criteria is their employees’ personal information. Others (medical centers, schools, municipalities, etc.) will have a lot more than just that.
Alberta has a set of laws called FOIP (Freedom of Information and Protection of Privacy Act). This sets out guidelines for the collection of personal data, as well as a citizen’s right to make requests about their data to any outfit that collects it. Again, just like PIPA/PIPEDA, these laws are not targeted at specific industries, but at data.
This means they apply to all organizations and industries. As mentioned, for most outfits, the only data this would apply to is their employee information.
Canada’s Law on Spam and Other Electronic Threats
This law is focused on things like consent for being contacted, as well as record-keeping.
What is the common factor in all these Acts and Laws? – They focus on the data. That means any organization can run afoul of these, depending on how they behave.
So, do these Laws apply to your organization? – Yes, they most certainly do! Exactly how they apply depends on how your business is being run and what it does.
If you have any questions about PIPA/PIPEDA, you can always reach out to your TRINUS Account Manager for some stress-free IT.
By Kind Courtesy of Your Friendly Neighbourhood Cyber-Man.