Stumbling over privacy compliance

Almost a third of Canadian businesses are dragging their feet when it comes to complying with private-sector privacy law. According to a survey recently released by the office of Jennifer Stoddart, Privacy Commissioner of Canada, 31 percent of our businesses are either still in the process of complying with such law or have yet to begin.

Only one in two businesses said they have a high awareness of their responsibilities under the Personal Information Protection and Electronic Documents Act (PIPEDA), and just a third said they have trained staff to handle privacy issues. Worse, according to Stoddart’s office, is the fact that only one in five has sought clarification of their role.

Stoddart’s report comes after recent high-profile data loss incidents involving CIBC and TJX, which owns the Winners and HomeSense chain stores in Canada. It also follows a five-year parliamentary review of PIPEDA that called for better definitions of such terms as “business contact information” and “destruction” of personal records.

Stoddart has given a number of speeches highlighting the influence and contribution IT departments could have on PIPEDA compliance.

“Whenever I’ve spoken on that, this has been well-received by the IT community,” she said. “I don’t know quite what they’re doing about this. Certification by the IT community might be a good idea. [IT managers] bear a lot of responsibility because they have to know the standards.”

Murray Long, a privacy consultant based in Ottawa, gave Stoddart low marks for raising awareness about PIPEDA, which he said was particularly challenging because of the makeup of the business sector here.

“I don’t know how you do it better – they certainly have been able to reach into major business associations and some of the high-profile kind of businesses like banking and telecom,” he said. “Once you get into the unregulated small business sector, that’s a huge challenge.” Stoddart disagreed. “Being a small business is really not the excuse it used to be for not knowing what the law is, because of the Internet,” she said.

“Everybody can go to our Web site where there are reams of information.” 070773

Related Download
Improving the State of Affairs With Analytics Sponsor: SAS
Improving the State of Affairs With Analytics
Download this case study-rich white paper to learn why data management and analytics are so crucial in the public sector, and how to put it to work in your organization.
Register Now