Pipeda
The PIPEDA requires that any business that collects, uses or discloses personal information in the course of commercial activity establish privacy policies and practices based on the following ten privacy principles of the Canadian Standard Association’s Model Code for the Protection of Personal Information. This code was developed by Canadian businesses, academics, consumers and government through the Canadian Standards Association and has been incorporated as a schedule to PIPEDA.
1. Accountability
2. Identifying Purposes
3. Consent
4. Limiting Collection
5. Limiting Use, Disclosure and Retention
6. Accuracy
7. Safeguards
8. Openness
9. Individual Access
10. Challenging Compliance
Under the “Accountability” principle, your organization must:
• Accept responsibility for personal information under its control;
• Designate at least one representative to be accountable for the organization’s compliance with the 10 principles set out in Schedule 1 of PIPEDA;
• Make the identity of the designated individual(s) known on request;
• Protect all personal information in the organization’s possession or custody, including information that has been transferred to a third party for processing;
• Use contractual or other means to ensure a comparable level of protection while personal information is with a third party for processing;
• Develop and implement policies and practices to uphold the 10 principles set out in Schedule 1 of PIPEDA including:
• Implementing procedures for protecting personal information;
• Establishing procedures for receiving and responding to complaints and inquiries;
• Training staff and communicating information to staff about the organization’s policies and practices; and
• Developing information to explain the organization’s policies and procedures.
Under the “Identifying Purposes” principle, your organization must:
• Identify why it is collecting personal information at or before the time of collection;
•
1. Accountability
2. Identifying Purposes
3. Consent
4. Limiting Collection
5. Limiting Use, Disclosure and Retention
6. Accuracy
7. Safeguards
8. Openness
9. Individual Access
10. Challenging Compliance
Under the “Accountability” principle, your organization must:
• Accept responsibility for personal information under its control;
• Designate at least one representative to be accountable for the organization’s compliance with the 10 principles set out in Schedule 1 of PIPEDA;
• Make the identity of the designated individual(s) known on request;
• Protect all personal information in the organization’s possession or custody, including information that has been transferred to a third party for processing;
• Use contractual or other means to ensure a comparable level of protection while personal information is with a third party for processing;
• Develop and implement policies and practices to uphold the 10 principles set out in Schedule 1 of PIPEDA including:
• Implementing procedures for protecting personal information;
• Establishing procedures for receiving and responding to complaints and inquiries;
• Training staff and communicating information to staff about the organization’s policies and practices; and
• Developing information to explain the organization’s policies and procedures.
Under the “Identifying Purposes” principle, your organization must:
• Identify why it is collecting personal information at or before the time of collection;
•