ILN Data Privacy Paper

Canada

PIPEDA provides limited direction on the destruction of personal information. Organizations must develop their own guidelines that govern the disposal or destruction of personal information. The CPPA would specify that disposal of personal information means the permanent and irreversible deletion or anonymization of such personal information. 4.3. Data correction, completion, updating or erasure Personal information about an individual must be accurate, complete and up to date. Organizations must respond to requests to amend personal information about individuals. An amendment may involve the correction, deletion or addition of

information. If requested, organizations must also be able to provide an account of the third parties to which the information has been disclosed. Access must be provided for free or a minimal fee, within a reasonable time. 4.4. Data protection and security practices and procedures PIPEDA requires organizations to implement appropriate safeguards against unauthorized access or modification of personal information. It mandates appointing privacy officer(s) to be accountable for ensuring compliance. The name, title and contact information of the privacy officer(s) must be readily available as they must act as the point of contact for individuals with compliance concerns. If enacted, the CPPA will require that organizations implement and maintain a privacy management program. The Commissioner will be able to request access to an organization's privacy management program and recommend corrective measures be taken. 4.5. Disclosure, sharing and transfer of data Organizations transferring data to service providers must ensure compliance by third parties. Contractual safeguards and monitoring can ensure that service providers are also compliant with

https://www.foglers.com/

Made with FlippingBook - PDF hosting