We recognize that many businesses are facing unprecedented challenges related to the pandemic. We are marking Privacy Awareness Week with this reminder to businesses that we are here to help them understand their obligations and comply with the law in regards to protecting personal information.
“Personal information” is any information about an identifiable individual. Privacy laws in Canada set the ground rules for the collection, use and disclosure of personal information. These laws provide rights to citizens in respect of their personal information.
The uptake of new technological advances over the past few years has allowed businesses to grow and communicate more effectively with their clients. Business tools such as cheap data storage and digital marketing are now more accessible than ever to organizations large and small.
The impact of technological innovation on data privacy can only be described as revolutionary. Many businesses have accumulated stores of personal information. Accompanying this development are new challenges and risks that some may not have considered.
One only needs to read the news in the morning to learn about the latest data breach or misuse of personal information.
A 2019 survey of Canadian businesses on privacy-related issues found that an overwhelming majority of respondents (88%) said customer privacy is an important corporate objective, with more than two-thirds (69%) saying it is “extremely important”. It is clear that customer privacy continues to be an extremely important factor and has perhaps become even more important given the acceleration of the adoption of technologies due to the pandemic.
We also know that Canadians are increasingly concerned about their privacy and are choosing to do business with organizations that are sensitive to those concerns. In fact, a vast majority of Canadians say they would choose to do business with a company specifically because it has good privacy practices.
Businesses would be wise to recognize and embrace privacy measures as a competitive advantage. They should ask themselves which proactive measures they are taking to safeguard the privacy of their customers and how to mitigate data breaches.
It’s important for companies to limit the amount of personal information they collect, whether it be in paper, electronic or another format, to what is necessary to deliver a product or service, and they should make it clear to customers why they need that information, ideally through a privacy policy that is accessible to customers.
To avoid losing personal information or sending it to the wrong person, companies need to know what they collect, where they store it and who has access to it. To that end, properly training staff on privacy protection is critical. It’s also important to put limits on employees’ access to personal information where they don’t need access.
Businesses are required to secure personal information from loss or theft, unauthorized access and disclosure, and disposal. Privacy laws that apply in Yukon require businesses to report a breach of privacy in certain circumstances. Businesses are encouraged to familiarize themselves with these obligations.
It is worth mentioning that the most common complaints to the Office of the Privacy Commissioner of Canada (OPC) relate to the use and disclosure of personal information – when companies use information for purposes other than those specified at the time they asked for it, or when it’s discovered that an employee has looked at somebody’s file without authorization.
On a national level, the OPC is responsible for overseeing the Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA applies to private-sector organizations, including those in Yukon, that collect, use or disclose personal information in the course of a commercial activity. The Yukon Information and Privacy Commissioner is responsible for ensuring public bodies and health care custodians comply with the Access to Information and Protection of Privacy Act and the Health Information Privacy and Management Act in the territory.
The OPC has a business advisory team that is available to consult with businesses in the private sector on their privacy initiatives and to help clarify what their obligations are.
Yukon’s Information and Privacy Commissioner is available to consult with public bodies and health care custodians on their responsibilities under Yukon’s privacy laws.
As we mark Privacy Awareness Week from May 3-9, we encourage all businesses to use this opportunity to take stock of, and strengthen where necessary, their privacy practices.
SOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DEL CANADA – OPC