In part 3 of the Data Protection tale of Canada, we discussed 5 of the fair information principles; the remaining 5 are discussed here.
6) Accuracy (4.6): this principle assures the accuracy of data and mandates that personal information shall be as accurate, complete, and up-to-date as is necessary to accomplish the purposes for which it has been collected. However, the organization is not required to update personal information routinely unless doing so is necessary to fulfil the purposes for which the information was collected.
7) Safeguards (4.7): this principle works as a shield for personal information: it ensures that personal information is protected by security safeguards appropriate to the sensitivity of the information.
This provision mandates that the security safeguards should be capable of protecting personal information from loss or theft as well as unauthorised access, disclosure, copying, use or modification.
PIPEDA sets out the following methods to ensure the safety of personal information:
1) locked filing cabinets and restricted access to office
2) security clearances and limiting access on a need-to-know basis
3) password protected files and encryption
This list is indicative and not exhaustive; an organization can use other methods as well, as long as those methods serve the purpose.
8) Openness (4.8): this principle speaks of transparency: an organization is mandated to be open about its policies and practices with respect to the management of personal information. An organization cannot disguise its policies; they have to be as clear as water.
9) Individual Access (4.9): under this principle an individual can request that an organisation inform him or her of the existence, use and disclosure of his or her personal information and provide access to that information. Under this principle an individual can also challenge the accuracy of the personal information.
However, this principle has some exceptions, e.g. where providing the information would cost much, where the information refers to other individuals' information, where the information is legally secured, or where it is subject to solicitor-client privilege or litigation privilege. In these situations organisations can deny access, stating the reasons.
10) Challenging Compliance (4.10): as per this principle an individual shall be able to address a challenge concerning compliance with the 10 PIPEDA fair information principles. This principle takes a grievance-redressal approach and enables an organization to conduct an investigation into the complaints; if it appears that a complaint has justified grounds, then the organization has to amend its policies and practices.
To be continued…