|By Aimee Sheppard
Its name is PIPEDA and it’s been dubbed the Silent Y2K.
It’s the Personal Information Protection and Electronic
Documents Act and as of Jan. 1, 2004, it’s the new standard
Canadian organizations must follow when collecting and storing
your personal information.
Wetsch, an assistant professor at Memorial’s Faculty
of Business Administration, thinks new privacy legislation
is a good thing.
Under the act, personal identification is more than your name,
phone number and address. The definition includes income, spending
habits, education, race, ethnicity, marital status and more.
The federal legislation comes in response to a growing public
concern over advances in electronic databases and the ability
for organizations to gather, match, share and transmit growing
quantities of information about people. The act will have a
significant impact on the way Canadian organizations collect
and manage their data.
And while it’s bound to cause headaches for several businesspeople,
Lyle Wetsch, an assistant professor at Memorial’s Faculty
of Business Administration, thinks PIPEDA is a good thing.
“PIPEDA will provide guidelines for all businesses that
will allow individuals to have more control and knowledge over
their personal information,” said Mr. Wetsch. “Advances
in technology have created an environment where data can be
easily collected, stored and sorted and without a standardized
set of policies such as those in PIPEDA, some organizations
may abuse these capabilities.”
The final stage of the law that was enacted this month requires
organizations to: obtain consent when they collect, use, or
disclose your personal information; supply you with a product
or service if you refuse consent for the collection, use or
disclosure of your personal information, unless the information
is essential to the transaction; collect information by fair
and lawful means; and have personal information policies that
are clear, understandable and readily available.
“Often when we purchase or return an item in a store,
we are asked for our address and phone number “for the
database”. Under PIPEDA, organizations will have to ensure
that customers are informed explicitly what the information
will be used for, obtain their consent to use it for that matter,
and make sure that each piece of information collected is essential
to its use. Organizations will need to have a clear system in
place to ensure that the information is not retained once it
is past its approved use, that it is kept appropriately secure,
that its accuracy is checked frequently, and that they receive
new consent if they plan on using the data for a new use.”
“For Canadian businesses, the short term headaches and
work will lead to long term benefits,” he said. “There
will no doubt be some difficulties as businesses adjust their
systems and procedures to ensure that they are in compliance
with the regulations; however, a well developed strategy that
starts with PIPEDA compliance has the potential to have significant
positive impact on the customer/
The law also entitles individuals to access all the personal
information an organization has collected about them including
performance evaluations and notations of disciplinary action
and to request changes to the information if it is inaccurate.
Organizations are obligated to provide the information requested
within 30 days.
If you’re not satisfied with the response or you have
concerns over how an organization is using your information,
you can complain to the Privacy Commissioner of Canada.
To help people better understand PIPEDA and what it means to
them, Mr. Wetsch has set up a Web site at www.newfoundland-privacy.org.