Why are Canadian businesses often caught violating customers’ privacy rights, not protecting personal data they hold and victimized by data breaches?

One answer is they don’t know they have to follow provincial and federal privacy laws. It may be even worse.

“Frankly, judging by some of the phone calls we get, some don’t even know there is privacy legislation,” says Michael McEvoy, British Columbia information and privacy commissioner.

For these reasons McEvoy has announced his office has launched new programs to help the roughly 1 million firms, non-profits, doctor’s offices, trade unions and other organizations there understand their obligations under the provincial Personal Information Protection Act (PIPA).

The campaign, largely aimed at small and medium-sized organizations, will include webinars, animated pop-up online videos, podcasts and guidance documents. It will be officially launched on March 7.

New tools will be published on the first Wednesday of each month throughout 2019 on the OIPC website.

The idea for the campaign started when McEvoy looked at responses to a privacy self-assessment toolkit send randomly to B.C. businesses asking for details about their privacy management program.

“Many of them didn’t really understand the most fundamental aspects under our personal information protection act. We also had the same sense from the kind of calls we receive from businesses. We field thousands of calls a year asking what their legal obligations are under the legislation. All of which pointed to the need for a comprehensive education program for businesses of all kinds.”

This despite the fact that PIPA came into effect in 2004. So what does it say that 18 years later many B.C. businesses aren’t informed? Do firms think its just another government regulation?

No, said McEvoy, but privacy hasn’t been “on their radar screens until recently.”

“But I think business more and more are beginning to recognize that there’s an expectation on the part of their customers, on the part of the public, that the data they provide the businesses is going to be properly secured and protected, and treated in a privacy-focused way.”

The campaign will start with animated webinars on the Office of the Information and Privacy Commission of B.C. site to inform consumers and employees of their basic obligations. They will walk viewers through the steps of developing a privacy management program, including how to write a privacy policy, how to keep records, how to respond to an individual’s request about what information an organization holds about them.

The site will also have animated pop up videos explaining what is personal information and how to secure it. The podcasts will be fictional recreations of themes the OIPC has handled.

Related Download
How GDPR can be a strategic driver for your business Sponsor: Micro Focus

How GDPR can be a strategic driver for your business

Register Now

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: