11 things you should know about privacy


Privacy laws apply to every business that knows any information about individuals.

Here are 11 things you should know about privacy.

  1. There are many privacy statutes that may apply depending on the nature of the information, the nature of your business, and what province your customers are in. Health information, for example, is usually subject to different statutes than other personal information.
  2. In general, if you want to use someone’s personal information for something they would not think is necessary to provide your services, you need their permission.
  3. Mandatory breach notification is becoming more common. Some provincial statutes require it, and PIPEDA now includes breach notification provisions that are coming into effect soon. The notice requirements include some rather subjective tests, and must be reviewed carefully if you have a privacy breach.
  4. The definition of personal information is fairly broad. It includes things like an IP address, and depending on the jurisdiction, may include car license plates.
  5. You need to have a privacy policy that clearly describes what you collect and what you do with personal information. The nature and complexity of that policy will vary depending on the nature of your business, the nature of the information, and what you want to do with the personal information.
  6. You must have a privacy officer who is accountable and available to your customers.
  7. A privacy policy should cover your organization as a whole, not just your web site or one product.
  8. A privacy audit may be in order. Make sure you understand what information you actually do collect, use and disclose.  A disconnect between reality and what your policy says is a recipe for disaster.
  9. Privacy, anti-spam legislation (CASL), and Do Not Call legislation complement each other, work together, and shouldn’t be viewed in isolation.
  10. Some privacy laws (in particular some provincial laws dealing with public sector or health information) say that data can’t reside outside of Canada.
  11. Having processes and protections in place to keep personal information out of the wrong hands is crucial. It is equally crucial to deal with a privacy breach appropriately to reduce legal, customer, and headline risk.
