Technology makes passing information easy, complying with privacy law tough

While PIPEDA’s application to private-sector firms that aren’t federally regulated only covers customer information, HR departments are well-advised to ensure employee information is also protected
By Natalie C. MacDonald
|CHRR, Guide to HR Technology|Last Updated: 03/09/2004


rivacy is one of the hottest buzzwords in HR. And because technology makes it so easy to transmit reams of information in an instant, ensuring an organization is in compliance with federal and provincial privacy legislation can be a challenge. Two recent decisions to privacy complaints show the dangers in being lax when it comes to using technology.

The Personal Information Protection and Electronic Documents Act (PIPEDA), which governs the management of personal information, first came into effect on Jan. 1, 2001 for federally regulated organizations. But the big milestone date for the legislation was Jan. 1, 2004, when it was extended to cover the private sector. The exception is where a province has passed substantially similar legislation. Quebec passed its privacy law in 1994. B.C. and Alberta passed their own legislation that took effect Jan. 1, 2004, but Industry Canada is still reviewing the legislation to determine if it is substantially similar to PIPEDA.