ILN Data Privacy Paper

Canada

Requirements for Data Processing

Ensure employees are made aware of the importance of maintaining the confidentiality of the personal information.

9. Individual Access

Provide an individual with access to their personal information.

10. Challenging Compliance

Put in place procedures to receive and respond to complaints or inquiries about organizations' personal information handling practices. All complaints must be investigated. If the complaint is justified, the organization must act appropriately to address the situation.

In addition to the ten fair information principles, there are compliance requirements mandated by PIPEDA:

PIPEDA has mandatory breach reporting to both individuals and the OPC where there is a real risk of significant harm to individuals. It also has mandatory record keeping requirements for all breaches; and

PIPEDA includes anti-spam provisions that target email address harvesting and the illicit access of another person's computer systems to collect personal information.

4.1. Grounds for collection and processing

Consent (which may be express or implied, in writing or oral) is only valid if it is reasonable to expect that an individual to whom the organization's activities are directed would understand the nature, purpose, and consequences of the collection, use or disclosure of the personal information to which they are consenting. Failure to convey the purposes for collecting may render consent meaningless.

If enacted, the CPPA will change the consent regime; personal information may be processed with express consent, implied consent, or without consent if the collection or use is for a "business activity" or "legitimate interest", as set forth in the CPPA under certain circumstances.

4.2. Data storage and retention timelines

PIPEDA mandates retaining personal information only as long as necessary to fulfil its purpose. Once the information no longer fulfils that purpose, it should be destroyed, erased, or made anonymous. Personal information used to make a decision about an individual must be retained long enough to allow the individual access to the information after the decision has been made.

https://www.foglers.com/
