For several years, Freedom of Information and Protection
of Privacy Acts have provided protection for and access
to certain types of information collected, stored and
used by governments of all levels. In 2000 the Government
of Canada introduced the Personal Information Protection
and Electronic Documents Act (PIPEDA) to offer Canadians
protection of personal information held by the federal
private sector.
These efforts were made to offer protection of privacy
but also to allow Canadian businesses to compete in a
new international electronic age. These initiatives have
been successful enough that PIPEDA has been mandated,
effective January 1, 2004, to extend to every organization
in Canada that collects, uses, stores and distributes
personal information in the course of a commercial activity.
PIPEDA is quite complex and not particularly suited to
small and medium-sized businesses. Therefore PIPEDA provides
that where provinces have adopted legislation substantially
similar to PIPEDA, those provincial privacy laws will
take precedence except in limited instances.
Alberta's Bill 44, the Personal Information Protection Act, was passed into law December 4, 2003 and will become effective January 1, 2004. The legislative intent is to clearly and reasonably assist smaller businesses with protection of privacy and to grant access rights to persons with respect to their own personal information. PIPA applies to all organizations and persons who collect, use and distribute this personal information but does not apply to non-profit or charitable organizations unless they are operating commercial activities that deal in this personal information.
Personal information is anything that identifies an individual. Included are name, address, age, gender, weight, height, work or financial history, identification numbers, place of birth, ethnic origin. Also included are opinions, evaluations or comments about an individual. Personal information does not include business contact information such as names, job titles, business address and telephone numbers, email addresses and other information that might be found on a typical business card or directory. Information collected by an individual for personal purposes, like Christmas card lists, and personal information collected for journalistic, artistic or literary purposes has no PIPA application.
Most of your businesses have practices in place which respect personal information and protect it. You will notice little change with PIPA. However, consent becomes a very important concept. There are some limited instances where personal information can be collected and disclosed but most other instances require direct or implied consent.
You may wish to review those practices to ensure that you obtain consent and continue a consent process when collecting the personal information. You will also want to collect and store only what you need for the purpose intended. You should develop or improve your policies of advising your employees, customers and clients as to how their personal information is used, allow them to access their own personal information for review and correction, and make sure that you are storing the information in a secure and safe manner. Finally you will want to ensure that you destroy or return the personal information when it is no longer reasonably needed.
Because PIPA has provisions for investigation of complaints and remedial action, you will want to get ready for January 1, 2004. The first steps are to designate a privacy officer to monitor compliance and answer inquiries. Once that person has become familiar with PIPA, review your practices of handling personal information. Ask what information you collect, why and how do you collect it, what do you use it for, whom do you disclose it to, how do you secure and store it, who has or needs to have access, and how is it disposed of when no longer needed. Then challenge your practices with some practical tests, identify the deficiencies and develop a plan to fix them, always looking for new and improved ways to protect, collect, use, store, distribute and dispose of personal information no longer needed. You will need to consider training your staff to embrace the principles of privacy protection, adopt and practice your policies, and accept responsibilities related to personal privacy protection and access. You will also need to develop an access process and a complaint handling system. You will even need to consider third parties who have or need access to the personal information that you have collected to ensure that they have privacy protection measures in place.
This process does not occur overnight and not without considerable commitment of time, energy and resources. The Office of the Privacy Commissioner of Alberta has some excellent references and assistance programs.
North & Company recognizes the importance of protection of personal
information. We invite you to review our Privacy Policy
on this website or contact our Privacy Officer, Mrs. Alberta
St. Amand, or the author of this feature for more information.
We are prepared to assist you with interpretation and
compliance with this new legislation.