How To Write A Privacy Policy For A Business



Office of the Privacy Commissioner of Canada
PIPEDA Privacy Guide for Small Businesses: The Basics

Privacy is the best policy
Handling privacy concerns correctly can help improve your organization's reputation. When you take privacy rights seriously in your business, you establish an atmosphere of trust that keeps customers loyal and attracts the best employees. When you establish a comprehensive privacy policy that customers and employees can understand, you are also less likely to become involved in a privacy dispute. This booklet is an easy-to-use guide prepared by the Office of the Privacy Commissioner of Canada as a first step for businesses that wish to improve their privacy practices and avoid investigations. The tips here will help you build capacity in-house to handle issues and complaints as they arise.

The Office of the Privacy Commissioner of Canada
At the Commissioner's Office, we understand that businesses, especially those that are small and medium-sized, are challenged on a daily basis as they manage multiple priorities, including the privacy of their customers. We are here to protect the privacy rights of Canadians, support businesses in their efforts to comply with federal privacy law and investigate privacy complaints from individuals about businesses' privacy practices.

Personal Information Protection and Electronic Documents Act (PIPEDA)
PIPEDA sets ground rules for how organizations may collect, use or disclose information about individuals in the course of commercial activities. The law also gives individuals the right to see and ask for corrections to information an organization may have collected about them. If an organization's customers think the organization is not living up to its responsibilities under the law, they have the right to lodge an official complaint. PIPEDA applies to organizations engaged in commercial activities across the country, except in provinces that have their own private sector privacy laws. Quebec, Alberta and British Columbia each have their own law, and Ontario has a law which focuses specifically on personal health information. Even in these provinces, PIPEDA continues to apply to the federally-regulated private sector and to personal information in inter-provincial and international transactions. PIPEDA also protects employee information, but only in the federally-regulated sector. Organizations covered by the Act for their customer information may wish to consider extending the same protections to their employee information. Personal information can include a wide range of elements, from a person's name and age to their ethnicity, medical information and income level. To find out more about what constitutes personal information or about specific privacy laws, please visit privcom.gc.ca and look under Privacy Legislation.

Getting started
If you are reading this guide, your business has likely designated you as the individual in charge of privacy compliance. In fact, privacy legislation requires your business to designate someone for this important task. This document contains many important principles that will help you build a proactive and responsive privacy policy.

Look beyond this booklet
If you do the right thing on the privacy front, your customers will appreciate it and you will avoid a privacy complaint or investigation. This guide is to help steer you in the right direction. To learn more about how to build privacy protection into your business operations, please supplement the information here by reviewing the Business Guide and the E-learning tool for retailers online under Information for Businesses, as well as other important resources, at privcom.gc.ca.

An airtight privacy policy is good business
Private sector privacy legislation requires organizations to build privacy policies that outline how they collect, use and disclose their customers' personal information. That process need not be difficult. Under the heading Build Your Own Policy, below, we have compiled a checklist of actions that represent some of the key elements for compliance with the federal law. While the list is not exhaustive, it will help build the essential elements of your new privacy policy.

Collect and keep information with care
When you collect information from your customers, you must ensure that you explain your purpose and get their consent in advance. Sometimes express consent is required, while other times implied consent may be sufficient. For more information on this, read our fact sheet online entitled Determining the appropriate form of consent under PIPEDA. It's also important not to collect information for one purpose and then use it for another, without telling or requesting the permission of your customers. People are understandably concerned about how you will use their information and your privacy policy will help put them at ease. Under the law, you must also make sure that any personal information you collect is protected with adequate security safeguards. One of the easiest and cheapest ways to make your business privacy-compliant is to only collect the personal information you actually need. If it isn't really needed for your business, don't collect it. Another quick and easy security win is to limit who gets access to customer information on a need-to-know basis. Make a list of those employees who really need to use customer information to do their job. If they don't need it, make sure they can't see it. Securing personal information from prying eyes can be as simple as locking a filing cabinet or restricting who has access to an office. It is also important to ensure that computer systems which hold personal information are adequately protected with safeguards such as passwords, encryption and firewalls. Technologies change rapidly, so you will need to review and update security measures regularly. Retailers should also use a cash register that truncates ("x" out) payment card numbers on customer receipts.

Build your own policy
Keep it simple. Your policy should be clear, concise and written in plain language so it is easy to understand. It should provide enough details to help your customers understand how you manage their information.

Review other privacy policies. Online you can find policies of organizations similar to yours. Although our office does not endorse specific privacy policies, we have found that the financial services sector and telecommunications companies have mature policies worth emulating. Gain more insight into the requirements of your privacy policy by reviewing the principles in Schedule 1 of PIPEDA, which can be found online at privcom.gc.ca.

Collect only what you need. You can collect only information that is needed for your business purposes, for example, to manage a commercial relationship and provide ongoing service, to bill and collect for products or services, to market to individuals, and to meet legal and regulatory requirements.

Be open about when personal information may be disclosed. You must indicate in your policy if you intend to disclose customer information to an affiliate or partner organization, or any other third party. You needn't necessarily name each organization, but provide a general idea of the types of companies in question. And you must give your customers the opportunity to consent.

Tell customers when information will be stored outside of Canada. The use of a third-party information processor, such as a company that provides payroll services, increases the likelihood that information under your control will be stored outside Canada. You must be open with your customers about this possibility.

Be open about how you safeguard information. The risk of identity theft and other unauthorized uses of personal information is always present and ever changing. It's critical to keep the personal information in your care safe and secure. Customers and employees will appreciate your candour about how you intend to protect their information from such abuses.

Let customers know how long you will keep information. PIPEDA requires that you keep personal information only for as long as it is needed to fulfill your purposes. If legislation such as the Income Tax Act authorizes you to store personal information over a long period, consider disclosing that in your privacy policy.

Consider employees separately. Typically, organizations' purposes for collecting, using and disclosing employee information are to administer payroll, pension, benefit and departure provisions; to provide employee programs; to manage company property; and to hire and retain a highly skilled workforce. Because these purposes are different than those for collecting customers' information, they warrant a separate section in your privacy policy.

Make yourself available for questions. Let individuals know how to contact your organization for privacy information, either through email or through a toll-free number. Also, tell customers they can contact the Office of the Privacy Commissioner at 1 800 282-1376 if they are unsatisfied with your response to their privacy concern.
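The receipt-truncation advice under Collect and keep information with care ("x" out payment card numbers) is easy to get wrong: mask too little and the card number is exposed, mask too aggressively and order numbers on the receipt are mangled. The following Python example, added here and not part of the Commissioner's Office guide, masks only Luhn-valid card numbers on constructed sample receipt lines and reports any that are still printed in full; the sample receipt text and the function names are assumptions.

```python
import re

# Constructed sample receipt (not from the guide). The card numbers are the
# well-known public test values 4111... and 5500..., not real accounts.
SAMPLE_RECEIPT = """\
MAPLE ST HARDWARE        2024-05-02 14:31
ORDER 1234567890123456
VISA 4111 1111 1111 1111  AUTH 123456
MC   5500000000000004      APPROVED
"""

# A candidate PAN is 13 to 19 digits, optionally split by single spaces or dashes.
PAN_PATTERN = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """True when the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(candidate: str, keep_last: int = 4) -> str:
    """Replace all but the last `keep_last` digits with 'x', keeping separators."""
    to_mask = sum(ch.isdigit() for ch in candidate) - keep_last
    out = []
    for ch in candidate:
        if ch.isdigit() and to_mask > 0:
            out.append("x")
            to_mask -= 1
        else:
            out.append(ch)
    return "".join(out)


def truncate_receipt(text: str) -> str:
    """Mask every Luhn-valid card number in receipt text; leave other numbers alone."""
    def _sub(m: re.Match) -> str:
        raw = m.group(0)
        if luhn_ok(re.sub(r"[ -]", "", raw)):
            return mask_pan(raw)
        return raw              # order numbers etc. that fail Luhn are untouched
    return PAN_PATTERN.sub(_sub, text)


def exposed_pans(text: str) -> list:
    """Luhn-valid card numbers still printed in full; an empty list means clean."""
    return [
        re.sub(r"[ -]", "", m.group(0))
        for m in PAN_PATTERN.finditer(text)
        if luhn_ok(re.sub(r"[ -]", "", m.group(0)))
    ]


if __name__ == "__main__":
    print(truncate_receipt(SAMPLE_RECEIPT))
```

Running exposed_pans over a sample of real receipts from your register is a quick check that the truncation the guide calls for is actually in effect.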

Engaged employees will help retain customers
Privacy legislation requires that you educate employees about your organization's privacy practices and policies. It also stipulates that employees must understand their role in implementing such policies and be able to communicate them. When you train your employees to speak openly with customers about your organization's reasons for collecting personal information and its plans for the specific use of that information, you increase trust in your business relationships and help build pride among employees who do business on your behalf. Below is a list of ideas to help you start an in-house training program for employees. Our checklist is only intended as a starting point. For more information about how to train employees, please review the following resources online in the Information for Businesses section at privcom.gc.ca: Guide for Businesses, E-learning tool for retailers, and PIPEDA self-assessment tool. Although we use the terms training program and refresher course, these phrases can mean a variety of things. If your organization is small, the process of training employees may be as simple as a one-on-one conversation.

Determine which employees need the most training. Usually, employees who deal directly with customers collect information that will elicit the most questions. They need to know when to ask for help or refer a matter to your privacy officer.

Keep key employee teams in mind. It is tempting for marketing and product-development employees to take advantage of your customers' information as they work to improve and sell your products. Consider running short workshops for these groups so they understand your organization's policies and obligations for managing personal information appropriately.

Incorporate privacy issues into standard training programs. If your organization is small, or has no official training program, consider organizing one around your new privacy policy and running regular refresher courses. An online reference or printed guide to your policy is a great resource for employees learning about your policy.

Develop a process for updating privacy-policy information. This will enable you to respond to new issues as they arise and provide ongoing updates to employees to ensure that they can respond appropriately in the circumstances.

Review customer complaints regularly. This strategy will help you address concerns about your privacy policy and practices and enhance your privacy-training program.

Let employees know where to go for help. While it is not possible to anticipate every question that customers will ask, providing key information and access to resources or individuals within the organization who can provide further information will go a long way to help both customers and employees understand your practices.

Develop a quiz to test employees' knowledge. A sample quiz has been included on the back inside cover of this publication. Use or expand on it to help keep employees informed of important privacy-policy issues.

Use an honest and open approach
It is vital to give your customers a single point of contact at your organization to deal with privacy issues. Many unhappy consumers have approached the Office of the Privacy Commissioner upset that they could not find someone within a business who could answer their privacy questions.

When things get difficult
No matter how hard you work at enhancing customer loyalty, there will be instances when your organization does not meet your customers' expectations of privacy. Recovering customer loyalty can be a simple process if it's done right. You can use these four steps to resolve privacy concerns before people make a complaint to our Office.

1. Take responsibility. Sincerely apologize to the customer for not meeting their expectations. Often, this is all you need to do to address the concern and maintain customer loyalty.

2. Fix the problem. If your organization made a mistake, take action right away. If your privacy policy has been called into question, determine if the policy is appropriate and whether it should apply to similar circumstances in future.

3. Make a peace offering. If your organization has made a mistake, offer your customer something meaningful for their inconvenience. If the customer wants a written apology, consider having someone in authority draft a letter.

4. Check in with disgruntled customers. Follow up to ensure the issue has been resolved to your customer's satisfaction.

These steps may not resolve all your customers' privacy issues, but they will help repair damaged relations, build customer loyalty and avoid privacy investigations. Above all, ensure that your front-line staff have support from your key privacy officers to address your customers' concerns.

Educate your employees regularly
Your organization's privacy policy is a critical tool to safeguard your customers' personal information. It is your responsibility to ensure your employees are aware of your company's policy and the circumstances under which they may and may not collect, use or disclose customer information, and that they understand the reasons for collecting information. Feel free to adapt the quiz below and administer it to employees at regular intervals. It will help refresh them about your privacy policy and go a long way toward building a culture of respect in your organization toward privacy issues.

Privacy Policy Quiz
1. What personal information does your organization or branch collect and why do you collect it?
2. How does this organization safeguard customers' personal information?
3. Who is the point of contact in this organization for more information about your privacy policy, to clarify the policy or to register a privacy complaint?
4. Under what circumstances does your organization disclose personal information, such as to credit agencies or collection agencies?

30 Victoria Street, Gatineau, Quebec K1A 1H3
Office of the Privacy Commissioner of Canada
(819) 994-5444, 1-800-282-1376
Fax (819) 994-5424
Cat. No. IP54-17/2008
ISBN 978-0-662-06051-2

For more information on private sector privacy laws in Canada, visit:
Office of the Privacy Commissioner of Canada - priv.gc.ca
Commission d'accès à l'information du Québec - cai.gouv.qc.ca
Office of the Information and Privacy Commissioner of Ontario - ipc.on.ca
Office of the Information and Privacy Commissioner of Alberta - oipc.ab.ca
Office of the Information and Privacy Commissioner for British Columbia - oipc.bc.ca

This guide was prepared by the Office of the Privacy Commissioner of Canada in consultation with the Office of the Information and Privacy Commissioner of Alberta.