chConnectCHconnect

office (519) 783-6810

PIPEDA and CH

The Personal Information Protection and Electronics Document Act took effect January 1, 2004, and all Canadian companies and organizations must abide by it.  The purpose of the act is to protect the privacy of personal information that is collected and used by organizations. 

The PIPEDA boils down to one essential principle:  an organization can only collect information about a customer with the customer's consent and the information may only used in a manner consistent with that initial consent.     An important second principle is that any individual has the right to access and "audit" personal information about themselves that is held and stored by any company or organization.

Thus an organization may not collect a customer's address for the express purpose of providing warranty coverage, and then sell that information to another company for the purpose of advertising, without the consent of the customer.

For Christian Horizons, the information we need to be concerned with relates to our staff, our clients, and our donors and supporters.  Each data base must be handled in a different way, but it should be assumed that all of this information must be protected from access by unauthorized second parties, and that it must be available for audit upon request by the individuals, and that it must not be used for any purpose that was not communicated at the time of collection.

Noted 2018-12: it appears that most large online companies now, including Facebook, do not restrict the usage of private customer data to approved purposes.

 

 

Resources

[2018-12-06]