Why are Canadian businesses often caught violating customers’ privacy rights, not protecting personal data they hold and victimized by data breaches?
One answer is they don’t know they have to follow provincial and federal privacy laws. It may be even worse.
“Frankly, judging by some of the phone calls we get, some don’t even know there is privacy legislation,” says Michael McEvoy, British Columbia information and privacy commissioner.
For these reasons McEvoy has announced his office has launched new programs to help the roughly 1 million firms, non-profits, doctor’s offices, trade unions and other organizations there understand their obligations under the provincial Personal Information Protection Act (PIPA).
The campaign, largely aimed at small and medium-sized organizations, will include webinars, animated pop-up online videos, podcasts and guidance documents. It will be officially launched on March 7.
New tools will be published on the first Wednesday of each month throughout 2019 on the OIPC website.
The idea for the campaign started when McEvoy looked at responses to a privacy self-assessment toolkit send randomly to B.C. businesses asking for details about their privacy management program.
“Many of them didn’t really understand the most fundamental aspects under our personal information protection act. We also had the same sense from the kind of calls we receive from businesses. We field thousands of calls a year asking what their legal obligations are under the legislation. All of which pointed to the need for a comprehensive education program for businesses of all kinds.”
This despite the fact that PIPA came into effect in 2004. So what does it say that 18 years later many B.C. businesses aren’t informed? Do firms think its just another government regulation?
No, said McEvoy, but privacy hasn’t been “on their radar screens until recently.”
“But I think business more and more are beginning to recognize that there’s an expectation on the part of their customers, on the part of the public, that the data they provide the businesses is going to be properly secured and protected, and treated in a privacy-focused way.”
The site will also have animated pop up videos explaining what is personal information and how to secure it. The podcasts will be fictional recreations of themes the OIPC has handled.
Sponsor: Micro Focus
How GDPR can be a strategic driver for your business