The Personal Information Protection and Electronic Documents Act (PIPEDA) is a federal law that governs how private sector businesses handle personal information.
It came into effect in 2000, specifically targeting the use of electronic documents and the growing sphere of ecommerce. (Canada was also trying to prove to the European Union that its privacy standards were up to code.)
Personal Information As Defined by PIPEDA
According to this act, personal information is anything that identifies an individual, including:
- Age, name, ID numbers, income, ethnicity, etc.
- Medical, financial, employment and other historical or tracked information.
- Personal opinions and comments (in certain contexts).
PIPEDA Fair Information Principles
The 10 pillars of PIPEDA are:
- Accountability — Someone in your business must be accountable for complying with the regulations.
- Identifying Purposes — You have to tell people why you’re collecting their personal information.
- Consent — You have to get the consent of the individual before collecting personal information.
- Limiting Collection — Only collect what you need.
- Limiting Use, Disclosure and Retention — You can only use the information for the purpose it was originally collected. This information may only kept as long as needed to fulfill these purposes.
- Accuracy — Information must be accurate, complete and as up-to-date as possible.
- Safeguards — Your business must implement the appropriate safeguards to protect this data.
- Individual Access — Individuals may request access to their information.
- Challenging Compliance — If an individual feels there’s an inaccuracy or violation, their concerns should be heard by the business representative accountable for overseeing PIPEDA compliance.
PIPEDA and Your Business
Almost every business handles personal information. Even if you’re a B2B company, you have employment records for each employee. Given that handling personal information is part of running your business, here are a few basics you need to cover:
- Put someone in charge of compliance. If this isn’t your wheelhouse, consult with someone who is.
- Explains why personal information is collected.
- Gets the consent of the person whose information your collecting.
- Proves that the collection of the information isn’t contingent on providing the service.
- Stays within the limits — making sure you only collect the data you need.
- Sets parameters for the timely disposal of information when warranted.
- Creates procedures for protecting data, such as locking file cabinets or limiting access to databases that contain personal information.
- Train everyone the company about privacy practices and policies.
- Grant individual requests for information as warranted.
- Create policies for complaints, errors and breaches.
Recent Changes to PIPEDA
As of November 1, 2018, several new regulations have been added. Top of mind for most businesses is that you must notify affected or potentially affected customers, clients, vendors or other parties of any data and security breachers. You must also report these breaches to the Office of the Privacy Commissioner of Canada, while keeping records of what happened and the steps you to took to resolve the issue.
PIPEDA Still Applies When You Dispose of Technology
As a business, when you get ready to replace aging technology or dispose of technology that no longer works, you still need to put these items through the lens of data protection. At Greentec, we’re dedicated to secure IT asset and e-waste disposal.
When you have IT equipment that you no longer need, we make sure the entire process is secure, cost-effective and most of all, compliant.
We hold the following certifications to ensure security:
- ISO 14001, OHSAS, R2, and NAID Certified.
- Approved by The Ontario Minister of the Environment and Climate Change to operate a waste-disposal processing site.
- Permit ECA 6247-6VDJUA
- An approved processor with the Ontario Electronic Stewardship Program for processing Waste Electrical and Electronic Equipment.
- Verified and audited by the Electronics Products Recycling Association to conform to the Canadian Electronics Recycling Standards.
Greentec can assist with the disposal and recycling of end-of-life or obsolete electronic devices and IT equipment. But did you know we can also offer some advice on establishing policies that keep your business safe with information collection and disposal?
Reach out for more information on how we can help you handle the management of your assets at any stage of the process. Reach out to find out more about how Greentec can help you navigate this essential process, or connect with us on Facebook, Twitter, LinkedIn and Instagram to stay up to date with Greentec and recycling news.