It’s time to face the inevitable and comply with privacy laws

Adequate protection of personal information is a prerequisite to electronic data transfer.
By Shawn Cohen and Adrienne V. Campbell
|Canadian HR Reporter|Last Updated: 04/30/2003

When you heard about the privacy provisions of Ottawa’s Personal Information and Electronic Documents Act (PIPEDA), you probably either heaved a sigh of relief because it didn’t apply to your organization, or you, perhaps grudgingly, implemented procedures to comply with the new law. If you fall into the latter category, you may still be feeling resentful, given the expanded scope of PIPEDA that came into effect on Jan. 1, 2002.

PIPEDA deals with the collection, use, disclosure and custody of personal information. “Personal information” was expanded as of Jan. 1 to include “personal health information” so that the definition of what is protected is now virtually all-encompassing (see the “Privacy primer” below.)

But perhaps it’s time for a change in attitude. Despite the challenges in complying with the law, it actually makes good business sense to implement protection of employees’ confidential information as soon as possible.