What You Need to Know About The PIPEDA Privacy Law


Learn about maintaining PIPEDA compliance and protecting your business from potential threats

The Personal Information Protection and Electronic Documents Act (PIPEDA) was established by the Government of Canada in an effort to safeguard the collection, use or disclosure of personal information during the course of a commercial activity. Or, in layman’s terms, it’s legislation that stipulates how businesses must handle the personal information of the people who interact with their company. Its core purpose is to protect Canadian citizens from security breaches, placing the onus on businesses to properly manage the personal information they control.


Why PIPEDA Matters

In today’s world, businesses and organizations of all sizes, from all industries, rely on computerized data systems to manage information about their clients and the people they serve. With so much information being shared via the World Wide Web, the importance of data protection and confidentiality has never been more apparent. In fact, 87 percent of Canadian companies suffer at least one successful breach per year (of varying severity), and 47 percent of breaches result in sensitive data being stolen.

When these security breaches occur, not only is the personal information of a company’s client base compromised, but their business could be subject to an audit by the Office of the Privacy Commissioner of Canada. In some instances, if it is found that a business has failed to meet PIPEDA requirements, the case can be sent to Federal Court, where a business can be ordered to publicly disclose their failure to comply, or even be ordered to pay damages of up to $100,000 per violation.


What Businesses Can Do To Protect Themselves And Their Clients

Now that we’ve discussed why data privacy is important, you need to know how to shield your company and your customers from a potential security breach. Here are some simple steps business owners can take to ensure PIPEDA compliance and protect information within their company:


1. Develop And Implement A Security Policy

If you are an operating business, you should already have a security policy in place. But if you don’t, now is the time to get started.

When brainstorming and creating your security policy, be sure to consider the following:

  • What physical measures can I take to protect personal information within my company?
  • What technological tools can I use to protect the personal information my business has access to?
  • What organizational controls can I implement to safeguard personal information within my company?

Ask for feedback from your employees regarding your security policy, and dedicate time to identifying any loopholes or weak spots in your plan. Then, ensure that all members of your team are aware of your security policy and are trained to follow the procedures meticulously.


2. Grant Access On A Need-To-Know Basis Only

This is by far one of the best ways to safeguard information within your business and ensure you are maintaining PIPEDA compliance. Often, employees gain access to documents they don’t necessarily require access to, or employers intend to only provide access for a certain period of time, but forget to eliminate access after the given time period has passed.

In some cases, former employees aren’t removed from specific programs or accounts, or current employees become complacent, using less-than-ideal passwords that can easily be hacked. Whatever the case, developing clear and concise procedures for granting access to information is always recommended. These procedures should be followed rigorously, with the same protocols being followed each time access is granted or removed.
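The two failure modes this section describes, access that was meant to be temporary but never revoked and accounts of former employees that were never removed, are exactly what a periodic access review should catch. The following script is an added example, not code from the original article or from ARC Business Solutions; it assumes a hypothetical HR roster and an access-grant ledger in the shape shown, and a 90-day re-certification window for open-ended grants (a placeholder policy value, not one PIPEDA prescribes). It flags every grant that no longer has a valid basis so that it can be revoked or re-approved.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

# Constructed sample roster (hypothetical): user names currently employed per HR.
ACTIVE_EMPLOYEES = {"alice", "bob"}

# Policy value (assumed): open-ended grants must be re-certified after this many days.
MAX_OPEN_ENDED_DAYS = 90


@dataclass(frozen=True)
class Grant:
    user: str
    resource: str
    granted_on: date
    expires_on: Optional[date]   # None means the grant was issued with no end date
    justification: str           # recorded business need at the time of approval


# Constructed sample ledger (hypothetical) of who was granted access to what.
GRANTS = [
    Grant("alice", "crm-clients", date(2024, 1, 10), date(2024, 3, 10), "Q1 campaign"),
    Grant("alice", "payroll", date(2024, 5, 1), None, "ongoing payroll duty"),
    Grant("bob", "hr-records", date(2023, 11, 1), None, "onboarding project"),
    Grant("carol", "crm-clients", date(2023, 6, 1), None, "account manager"),
    Grant("bob", "file-share", date(2024, 5, 20), date(2024, 7, 1), ""),
]

# Review date fixed so the example is reproducible (constructed).
REVIEW_DATE = date(2024, 6, 1)

Finding = Tuple[str, str, str]   # (user, resource, reason)


def review_grants(grants: List[Grant], active_employees, today: date,
                  max_open_ended_days: int = MAX_OPEN_ENDED_DAYS) -> List[Finding]:
    """Return one finding per grant that should be revoked or re-approved.

    Checks are ordered from most to least severe; each grant yields at most one reason.
    """
    findings: List[Finding] = []
    for g in grants:
        if g.user not in active_employees:
            findings.append((g.user, g.resource, "user no longer employed"))
        elif g.expires_on is not None and g.expires_on < today:
            findings.append((g.user, g.resource, "grant expired"))
        elif g.expires_on is None and (today - g.granted_on).days > max_open_ended_days:
            findings.append((g.user, g.resource,
                             "open-ended grant overdue for re-certification"))
        elif not g.justification.strip():
            findings.append((g.user, g.resource, "no recorded business need"))
    return findings


def stale_access_report() -> List[Finding]:
    """Run the review over the constructed ledger as of REVIEW_DATE."""
    return review_grants(GRANTS, ACTIVE_EMPLOYEES, REVIEW_DATE)


if __name__ == "__main__":
    for user, resource, reason in stale_access_report():
        print(f"REVOKE OR RE-APPROVE: {user} -> {resource}: {reason}")
```

Running the review on the sample ledger reports four grants: one expired time-limited grant, one open-ended grant past the re-certification window, one grant held by someone no longer on the roster, and one grant that was never given a recorded business need. The payroll grant is the only one that passes. In practice the roster would come from the HR system and the ledger from each application's permission export, and the same script would be run on a fixed schedule so revocations are not left to memory.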


3. Assemble A Security Committee And Review Policies Regularly

The more time and manpower you dedicate to upholding your security policy, the less likely a violation will be. Staying abreast of any updates or amendments to PIPEDA is also recommended. We advise checking the official blog of the Office of the Privacy Commissioner regularly for all the latest news.

Sometimes, the best offense is a good defense. For this reason, it’s advantageous to remain vigilant about data protection and to dedicate time to understanding the Act. The more knowledgeable and proactive you are, the more resilient your business will be.


When To Seek Managed I.T. Services

Sometimes, business owners simply do not have enough time to monitor their security as closely as they’d like, and that’s okay! Depending on the size of your business, the number of employees you manage, and how involved you are in day-to-day operations, it may be best to reach out to a company that offers managed services, like our team at ARC Business Solutions.

The benefits of hiring an IT company to oversee the security of your information include:

  • Peace of mind knowing your IT services provider will provide ongoing, real-time monitoring of any potential threats
  • Being able to rely on professionals to enhance your security structures and implement preventative measures
  • The ability to trust your IT services provider to act as a gatekeeper, overseeing who has access to what within your organization
  • Quicker resolutions to security issues
  • Ongoing support and staff training (when required)

At ARC Business Solutions, our managed services team is trained and qualified to provide strategic and tactical security support, protecting you from cyber attacks and eliminating risks. Remember, 80 percent of SMB owners recognize that today’s cybersecurity solutions have to go beyond basic antivirus, anti-malware and firewall solutions. If you are one of the business owners who understands the need for increased cyber security measures, but needs assistance implementing a strategy that works, ARC Business Solutions could be the right fit for you.