The Personal Information Protection and Electronic Documents Act (PIPEDA) requires that companies that retain and use personal information about people, adopt certain practices to protect the privacy of the people who are the subject of such information.

While the provisions of the Act are straightforward, the implications for a given company are not. The Act is currently in force for federally regulated businesses and companies that transmit data across provincial boundaries for commercial purposes.

On January 1, 2004, the Act came into effect for all commercial activities.

The Need:
  • Companies need to be assured that at a minimum they comply with PIPEDA, since the consequences of non-compliance can be lawsuits, financial penalties, and damage to brand, reputation and customer relationships.

The Benefits:
  • Greater understanding of specific business and systems risks associated with compliance with privacy legislation in your organization
  • Greater clarity on possible mitigations to reduce privacy risks
Service Deliverables:

Privacy Readiness Assessments, including:
  • A review of the organization’s compliance with PIPEDA, FIPA, MFIPA or PHIPA,, including identification of the gaps between current practices and legislative requirements
  • Assessment of the issues and risks posed by the gaps
  • Identification of high risk areas requiring detailed analysis
  • Recommendations for remedial actions that are clearly called for

Privacy Impact Assessments, including:
  • Assessment of the changes in collection, use and disclosure of personal information will result from a change initiative, with respect to PIPEDA, FIPA, MFIPA or PHIPA
  • Recommendations to assure that the changes are compliant with PIPEDA, FIPA, MFIPA or PHIPA

Privacy Analysis and Remediation, including:
  • In-depth fact finding and analysis of data collection, flows and uses to identify non-compliance incidences and their attendant risks
  • Recommendations for remedial action.

Our Edge:
  • Deep knowledge of information management and business models enables us to readily perceive information processes through a privacy perspective, and deliver spot-on assessments and recommendations
  • A framework-based approach that assures rapid and thorough privacy assessments
  • A pre-defined "semantic model” of privacy legislation, that provides a fast start, higher quality, and a streamlined assessment process
  • Proven track record in conducting privacy assessments.
  • Partnerships with privacy legislation experts and Human Resources experts ensure that all aspects of privacy - People, Process and Technology - are taken into account