Privacy Policies
Compliance Services for the Personal Information Protection Act (PIPA) British Columbia
The new Personal Information Protection Act came into effect January 1, 2004 and applies to every organization doing business in British Columbia – no matter how big or small. Many other Provinces also have similar legislation in place. Additionally federal Privacy laws also have similar compliance requirements. That also means anyone with a web site who collects any information for any reason whatsoever whether using a submit form, e-mail, or receiving information by mail, fax or telephone must implement and publicly display a Privacy Policy.
For the purposes of the Personal Information Protection Act, an organization is defined as:
- a person
- a corporation
- a partnership
- an individual acting in a commercial way , but not an individual acting in a personal or domestic capacity or acting as an employee,
- association that is not incorporated,
- a trade union,
- a not-for-profit organization, and
- a trust (except for a private trust for the benefit of friends or family of the individual who sets up the private trust).
This purpose of this Legislation is to “govern the collection, use and disclosure of personal information by organizations in a manner that recognizes both the right of individuals to protect their personal information and the need of organizations to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances”.
This Act applies to every organization and means that organizations can only collect / use / disclose personal information when the individual voluntarily provides it on the basis of informed consent.
In order for consent to be valid, the organization must, on or before collection of the information, disclose to the individual:
- the purpose of the collection of the information
- if requested, contact information regarding the person in the organization who can answer questions re collection / use / disclosure
Some helpful hints around the Act:
- if you don’t need it, don’t collect it
- if you don’t need it any longer for the purpose for which it was collected, get rid of it (subject to the various statutory rules regarding retention of certain types of information.)
- if you’re not sure that you have consent for a proposed use, ask for it.
There are a variety of considerations that need to be made in order to ensure that your business is complying with the Act. Adopting a policy, documenting consents from those you are collection personal information on, tracking each time you disclose personal information to a third party, establishing contractual and other safeguards are just a few.
What you should be doing NOW in order to comply with the Act includes:
- Adopt/Publish a Policy
- Conduct a Personal Information Review
- Designate a Privacy Officer
- Establish internal systems such as Safeguards, Tracking use / disclosure, Providing access / means to correct information
Failure to comply with an order can result in a fine of up to $100,000. Where there is an order as a result of a breach of the organization’s PIPA obligations, any individuals affected have a cause of action for damages.
The Office of the Information and Privacy Commissioner for British Columbia website oipcbc.org offers a variety of links and information to assist you and your business in complying with the Act.
Links to Personal Information Protection Act information:
Contact Information for Compliance Services for your business:
Dieter Gerhard
President,
telephone: 250.721.9991
northStudio.com Inc.
