For some organizations, such as those in the federally regulated banking and telecommunications sectors, the process of complying with the Personal Information Protection and Electronics Act (PIPEDA) began three years ago.
For most other businesses however, Jan. 1, 2004 is a date being circled on calendars across the country. That day is the final call for all companies to be PIPEDA-compliant.
With the privacy deadline less than six months away, ComputerWorld Canada gauged how far companies have come, and what challenges they have faced along the way.
The compliance process is still vivid in Drew McArthur’s mind. McArthur, vice-president and privacy officer at Telus Corp. in Burnaby, B.C., recalls going through the process in 2000. PIPEDA-compliance didn’t end for the telco once it had met the privacy standards in 2001. Ensuring customer privacy isn’t breached has turned into a full-time position for McArthur. Ultimately it took Telus nine months to comply and, he recalls, it was a road littered with challenges that began with assembling a legal team to help explain what the law actually meant.
“The law contains guidelines, but it isn’t specific and there are hundreds of situations that crop up every week that require a decision to be made on how you’ll handle personal information,” he said.
At the time, McArthur and Telus’ legal team met with the privacy commissioner office to clarify parts of the legislation. He said this was a valuable approach because it helped get some answers.
One question Mc