In today’s digital era, the way you treat your clients' information matters. People are aware of, and increasingly concerned about, how their personal information is collected, used, and shared.
The Personal Information Protection and Electronic Documents Act (PIPEDA) is the federal privacy law that regulates how you handle the personal information you gather in your commercial activities.
Does privacy legislation apply to me?
PIPEDA applies to all federally regulated businesses in Canada, with the exception of British Columbia, Alberta and Quebec, which have their own privacy laws. However, even if your business is located in one of these provinces, PIPEDA may apply if any personal information crosses jurisdictions. For businesses requesting Personal Health Information, most provinces and territories have established a privacy act on how the information is to be collected and handled, so be sure to review your provincial or territorial legislation.
What is “personal information”?
Personal information includes age, medical records, income, ethnic background, employee files, credit card numbers and so forth. Generally, any information not available on a business card is protected.
For a full list of what is covered by the legislation, see the Privacy Commissioner’s website.
How do I create a privacy policy?
Start with the Office of the Privacy Commissioner of Canada. Their website includes:
- A toolkit for businesses, which will walk you through your responsibilities, what the Act covers, and the underlying principles of any good privacy policy.
- A list of 10 Tips for a Better Online Privacy Policy.
- A video on protecting your customers’ privacy.
- And more resources – check out the PIPEDA compliance help section.
How can I comply with the Act?
Privacy legislation is complex, but here are six things you should do to better protect your clients’ and employees’ data and avoid a complaint.