NEW PRIVACY STANDARDS – Jan 2004

Canadian entrepreneurs need to be aware of another item on their “to-do” list. The Personal Information Protection and Electronic Documents Act (PIPEDA) comes into effect on January 1, 2004, and there are corporate obligations related thereto.

The significant growth in e-commerce in Canada and the world has heightened concern over privacy issues. Have you ever wondered how the personal information you have provided to a company has been used? How was it discarded or has it been? These are among the many questions that Canadian consumers are raising of late. According to the Canadian Institute of Chartered Accountants, “Canada’s Privacy Commissioner has called identity theft the fastest-growing crime in North America, and fears of financial or medical records being accessed inappropriately have consumers worried that they have lost all control over their personal information.”

As a result, the federal government has formed Canada’s first set of privacy standards, the Personal Information Protection and Electronic Documents Act (PIPEDA), which will come into effect on January 1, 2004. The standards require organizations to be accountable for the collection, use, disclosure and retention of personal information For the Privacy Commissioner’s website, go to www.privcom.gc.ca/index_e.asp . Go to www.cica.ca/privacy and scroll down to “Canada’s Privacy Legislation – What it means for your organization” for details of the standards.

How does this affect your business? Good privacy practices can lead to increased customer confidence and ultimately better your company’s performance. Risks of non-compliance range from damaging consumer relationships to facing legal action.

The above mentioned website also carries an article titled “20 Questions a Small Business Should Ask About Privacy”, which is another good reference for understanding a company’s responsibilities in implementing a formal privacy program.

Effective January 1, 2004, the BC provincial government introduced their Personal Information Protection Act (PIPA) which applies to provincially regulated businesses, non-profit organizations, trade unions and other organizations in BC. The spirit of PIPA is similar to PIPEDA in regards to the protection of personal information; however, BC companies should be aware of both. PIPEDA will likely still apply to provincially regulated organizations when, in the course of a commercial activity, personal information crosses BC’s borders. It will also still apply to federally regulated industries in BC. As such, there could be circumstances where it is unclear which legislation is applicable.

For a comprehensive guide for businesses and organizations that must comply with PIPA, go to www.oipcbc.org/. Click on “Private Sector Privacy” and then on “A Guide to PIPA”.