Privacy Policy

The following information comes to LCC courtesy of Strategies Canada, Landtech Computer Consulting recognizes the company's obligations under the PIPEDA.

What Landtech Computer Consulting's obligations under the Personal Information Protection and Electronic Documents Act?

The PIPEDA establishes a set of ten principles that organizations must follow when collecting, using and disclosing personal information in the course of commercial activity. The Principles are as follows:

  • Accountability : An Organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance with the following principles.
  • Identifying Purposes : The purposes for which personal information is collected, use or disclosure or personal information, except where inappropriate.
  • Consent : The knowledge and consent of the individual are required for the collection shall be identified by the organization at or before the time the information is collected.
  • Limiting Collection : The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
  • Limiting Use, Disclosures and Retention : Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as lon as necessary for the fulfillment of those purposes.
  • Accuracy : Personal information shall be as accurate, complete and up-to-date as in necessary for the purposes for which it is to be used.
  • Safeguards : Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
  • Openness : An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
  • Individual Access : Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and be given access to that information. An individual shall be able to challenge that accuracy and completeness of the information and have it amended as appropriate.
  • Challenging Compliance : An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization's compliance.

Does PIPEDA apply to business?

The PIPEDA governs "organizations," a term that includes persons, associations, partnerships and trade unions. The term, "persons" includes corporations as well as individuals. Organizations are generally subject to the Act to the extent that they collect, use or disclose of personal information in the course of commercial activity. In this regard, even small businesses must establish a privacy program.

Because the nature, size and complexity of operations vary from one organization to another, a privacy compliance regime should be tailored to meet the needs of the individual business. In fact, the PIPEDA is flexible and allows organizations to tailor its principles to their own activities and to the nature of the information in their custody.

Does PIPEDA apply to only e-commere or on-line business?

PIPEDA applies to traditional, paper-based business activities as well as on-line activities and e-commerce transactions. All businesses must comply with the legislation. Any organization collecting, using or disclosing personal information in the course of commercial activity is subject to the act.

What is Personal Information?

The PIPEDA sets a number of rules to which organizations must adhere to when collecting, using or disclosing personal information in the course of commercial activity.

PIPEDA defines personal information as "information about an identifiable individual" that includes any personal information, recorded or no, in any form, including digital or paper format. For example, the following would be considered personal information:

  • Names,address,telephone number, gender;
  • Identification numbers, income or blood type;
  • Credit records, loan records, existence of a dispute between a consumer and a merchant, and intentions to acquire goods or services.

Under PIPEDA, personal information does not include the name, business title, business address, business telephone or any employee, i.e. information on a business card.

How PIPEDA will affect collection of personal information:

What are the different forms of consent? How do business get the consent from an individual?

The PIPEDA requires knowledge and consent by an individual for the collection, use or disclosure of his or her personal information in the course of commercial activity.

An organization is expected to inform its clients of the purpose for which their information is being collected. This information must be provided in a manner that can be reasonably understood by the clients.

It must also obtain their consent prior to disclosing their personal information to a third party or using it for a different purpose.

The form of consent sought by organizations may vary, depending on the sensitivity of the information. An organization should generally seek express consent when the information is likely to be considered sensitive. Implied consent would generally be appropriate when the information is less sensitive. Consent can be given in different ways, for example: a form, a check-off box, orally, etc.

What is safeguarding? What sort of security does Landtech Computer Consulting need?

PIPEDA dictates that personal information shall be protected by security safeguards appropriate to the sensitivity of the information.

It is the businesses responsibility to protect personal information from loss or theft and to safeguard it form unauthorized access, disclosure, copying, use or modification. Personal information should be protected regardless of the format in which it is held.

Security safeguards can be the following:

  • Physical measures (locked filing cabinets, restricting access to offices, alarm service)
  • Technological tools (passwords, encryption, firewall's, anonymizing software)
  • Organizational controls (security clearances, limiting access on a "need to know" basis, staff training, confidentiality agreements)

The following factors should be considered in selecting appropriate safeguards:

  • Sensitivity of the information
  • Amount of information
  • Extent of distribution
  • Format of the information (electronic, paper, etc.)
  • Type of storage
The information above provided by www.strategis.gc.ca