In Canada, the Personal Information Protection and Electronic Documents Act [PIPEDA] requires organizations to take reasonable steps to safeguard the information of their customers and clients. The Act applies to Canadian private sector organizations of any size. It is important to consider that Canadian provinces have the right to enact privacy laws that are similar to PIPEDA. Further, certain business sectors may be governed by a sector specific Act. Being aware of the privacy laws that apply to you and your small business is vital.
What does this mean for small to mid sized business and what obligations do you have as a small business owner under PIPEDA?
PIPEDA defines “personal information” as information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization. Therefore, unless your business is federally regulated, the provisions guiding employee privacy do not necessarily apply the same way they would to customer’s personal information. However, private sector organizations covered by PIPEDA may wish to consider extending the same protections to their employee information as they do for their customers. The principles of the Act are widely accepted in Canada and account for smart business practice.
Know your Industry
Being informed and in compliance with relevant privacy law is an essential component of running a thriving business in Canada. Establishing a set of complete privacy procedures can help protect your business from future privacy disputes as well as develop the customer trust and confidence needed to building lasting consumer relationship.
This article should not be relied upon as legal advice - the comments may not be applicable to you and may not be up to date. If you have any questions, you should contact a lawyer.