Marketing Ethics and Law BUSM14717

Law Assignment

Submitted to: Paul Sarkissian Submitted by: Guriqmaan Singh

About PIPEDA
PIPEDA (Personal Information Protection of Electronic Documents Act) was passed by the federal government to regulate the collection, use, disclosure, retention, access and security of personal information in the course of commercial activity. The PIPEDA obliges that any business that gathers, utilizes or reveals personal information within the course of commercial action create security approaches and practices based on ten protection principles of the Canadian Standard Association's Model Code for the Protection of Personal Information. This code was created by Canadian businesses, buyers and government through the Canadian Standards Association and has been consolidated as a calendar to PIPEDA. Ten privacy principles of PIPEDA are: 1. Accountability 2. Identifying Purposes 3. Consent 4. Limiting Collection 5. Limiting Use, Disclosure and Retention 6. Accuracy 7. Safeguards 8. Openness 9. Individual Access 10. Challenging Compliance

Explanation of 3 principles (Accountability, Identifying Purposes, Challenging Compliance) with example

1. Principle Accountability
An association is answerable for the personal information under its control and ought designate a an individual or individuals who are responsible for the association's consistence with the PIPEDA privacy rule. Under the Accountability principle, organization must:
Accept responsibility for personal information under its control. Designate no less than one agent to be responsible for the organizations agreeability with the 10 standards set out in Schedule 1 of PIPEDA; Make the personality of the designated individual(s) known on request Secure all personal information in the association's ownership or care, incorporating information that has been exchanged to a third party for processing.

 1. 2. 3. 4.

Use contractual or different intends to guarantee a comparable level of protection while personal information is with third party for processing. Develop and implement policies and practices to maintain the 10 standards set out in Schedule 1 of PIPEDA including: Strategies for securing personal information Building strategies for getting and reacting to complaints and requests Preparing staff and conveying information to staff about the organizations policies Advancing information to explain the organizations policies and procedures. (office of the privacy commisioner of canada, 2013)

For example Canadian Institute of Management develop and implement a system to

monitor organizations compliance with PIPEDA on an ongoing basis. CIM also communicate policies and practices to the customers or visitors for collection and use of personal information and the steps they take to protect their personal information. The Association has a privacy officer who may be contacted for any concerns, clarification or possible abuse of the privacy policy. CIM clearly specifies how individuals may: 1. Attain access to their personal information 2. Correct/ update their personal information 3. Make inquiries about the organizations privacy policies (Canadian institute of management)

2.Principle Identifying Purposes

This principle states that the purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected. Under the Identifying Purposes principle, organization must: Document its purposes for collecting personal information. Notify clients or customers before using personal information for any purpose which is not identified at the time of collection. if an organization use its workers to gather personal information, for example, approaching clients for their locations or telephone numbers when they buy items or administrations, those representatives ought to have the ability to clearly demonstrate why personal information is obliged when they request its gathering. (office of the privacy commisioner of canada, 2013)

For example TELUS, a telecommunication company clearly record in writing all the reasons
why you collect personal information. All the relevant documents like terms of agreement, application forms, privacy codes and privacy commitments in PDF format are available on the

website. On the website and in all the documents TELUS, clearly explain why information is collected from the customers. (telus, 2013)

3. Principle Challenging Compliance

The principle of Challenging Compliance states that people should have the ability to test an organization's compliance on any of the protection principles of PIPEDA. Under the Challenging Compliance principle organization must: Set up complaint procedures that are accessible and simple to use. Put in place procedures for receiving and responding to complaints concerning the organizations policies and practices relating to the handling of personal information. Inform complainants of the existence of relevant complaint procedures; investigate all complaints; and take corrective action/ measures if a complaint is found to be reasonable including revising policies and practices, if necessary. (privacysense.net, 2014)

For example:

Edgecrest Capital Corporation Develop simple and easily accessible procedures for receiving and responding to inquiries and complaints about personal information handling policies and practices in the company. If a complaint is being submitted on behalf of another party, that party must provide evidence of authorization from the client to act on its behalf. Edgecrest acknowledge complaint within five business days. (edgecrest capital corporation, 2013)

Bibliography
Canadian institute of management. (n.d.). Canadian Institute of Management P.I.P.E.D.A. Compliance. Retrieved from canadian institute of management: http://www.cim.ca/privacy edgecrest capital corporation. (2013). Complaint Procedures for Edgecrest Capital Corporation. Retrieved from edgecrest capital: http://www.edgecrest.com/upload/pdf/Complaint_Procedures_for_Edgecrest_Capital_Corporation.pdf office of the privacy commisioner of canada. (2013). PIPEDA Self-Asses ment Tool. Retrieved from http://www.privcom.gc.ca/. privacysense.net. (2014). The 10 Privacy Principles of PIPEDA. canada. telus. (2013). telus privacy. Retrieved from telus: http://about.telus.com/community/english/privacy