|
British Columbia's
Personal Information Protection Act is expected to come into
effect on January 1, 2004. It will preside over the collection,
use and disclosure of a wide range of personal information, including
information about employees, customers, suppliers, volunteers,
members, contractors, donors only to mention a few. This Act
will also make available to an individual, including an employee,
with the right to access and reasonably amend personal information
held about them, subject to certain expectations.
International
Position
The pressure for a more sternly controlled business privacy law
was received with astonishing force in the past five years when
the European community embarked a plan to restrict the activities
of companies doing business in countries without strict privacy
laws. Canada signed on, and the Federal Government has in turn
requisitioned Provinces to endorse their own, equivalent standards,
or operate by Ottawa's rules beginning on January 1, 2004.
Privacy
Compliance Good for Business
Customers take their privacy seriously. British Columbians have
valued the protection of personal information as the second most
important issue in the Province. This public uneasiness has resulted
in an estimated loss of $15 billion in e-commerce sales due to
customer apprehension over the security of their personal information.
Practical
Steps
Below are some convenient steps to assist organizations in order
to be accurately prepared on January 1, 2004:
 |
Designate a
privacy officer |
|
|
Take an information
inventory |
|
|
Develop policies
and procedures |
|
|
Get the message
out |
|
|
Develop a training
strategy; and |
|
|
Follow-up |
Guidelines
in Developing Policies and Procedures
After completing the inventory of current privacy practices,
organizations should develop and implement privacy policies and
procedures. These will include readily available and transparent
policies and practices that deal with the following:
|
|
Principles of
information practices; |
|
|
Obtaining consent
for the collection, use and |
|
|
disclosure of
personal information; |
|
|
How, when and
why personal information is collected, |
|
|
used and disclosed; |
|
|
Limiting use
and disclosure; |
|
|
Dealing with
appropriate retention and destruction; |
|
|
Accountability; |
|
|
Maintaining
accuracy and correcting personal |
|
|
information;
and |
|
|
Implementing
security safeguards. |
Additionally,
organizations must, on request, provide any individual including
an employee; with the information the organization possesses
about that person, as well as an account of how that information
has been used and to whom it has been disclosed. As a result,
it is vital that organizations develop and maintain an effective
internal system of tracking the collection, use and disclosure
of personal information, including employee personal information.
For more
information on the Privacy Policy Legislation
For more information on the Federal Personal Information Protection
and Electronic Documents Act
For more information on The Personal Information Protection
Act
|
Email: jim@jfitzpatrick.com
