How often do you “like” a post on social media or share your email address with a clothing store? If you’re like me, this happens almost daily.
Now there’s nothing wrong in “liking” that post on McDonalds hamburgers, but by doing so, you let companies collect some data on you. Almost every company collects data on their consumers – which is great! Data collection lets companies know what customers want so they can change their product/services based on what you like.
But like every good thing, there is a downside. Sometimes companies will sell your data to others without your consent or fail to protect your data against hackers (hello Facebook!). Therefore to make sure our data is safe, we often rely on government policy.
What policy may this be? Well since 2004, the Federal Government has used PIPEDA to regulate data collection by the private sector.
What is PIPEDA?
The Personal Information Protection and Electric Documents Act (PIPEDA), is a set of 10 rules for private sector companies. At the most basic level, these rules say that organizations must get consent to collect personal information, be open about the use of the collected data and protect the data properly. The 10 rules are:
- Identifying Purposes
- Limiting Collection
- Limiting Use, Disclosure and Retention
- Individual Access
- Challenging Compliance.
To learn more details about each of these rules, check out the Canadian Government’s website here.
A key thing about PIPEDA, is that the rules are for every type of data collection. This means that it includes everything from telephone surveys to corporate questionnaires. As a result, there are no specific rules for online collection, which is not great in a digital world.
The Data Privacy Act
In November 2018, the Data Privacy Act was launched. This Act adds new rules to PIPEDA to make it better for today’s world. Many of the new parts are for data breaches and other key aspects, such as:
- New Consent Requirements
- Data Breach Notifications
- More Power for the Commissioner
- Revised Scope of Application
To learn more about the Data Privacy Act, click here.
Is PIPEDA Enough?
PIPEDA is a good policy as it keeps consumers safe from many types of data risks. However, there are people who believe that PIPEDA isn’t good enough. Some common criticisms include:
Poor Punishment & Execution
PIPEDA has not done a great job in making sure companies follow their rules. Similarly, they have not created strong punishments for breaking the rules. As a result, many companies choose not to use PIPEDA’s rules when collecting data.
Weak Consent & Transparency Rules
The rules set for companies on consent and transparency are not as strong as some would like. Therefore, stricter rules may be needed on how companies get consent and what they have to share with the public.
Behind on Digital
Currently, there are no rules for cookies and other digital data collection tools. As more and more data is collected online, it is important for PIPEDA to make sure our data is safe here.
PIPEDA is aware of some of the flaws with the current policy. As a result, they have set goals to work through 2020 to make the rules better. These goals include:
- Looking at what role ethics plays in big data, analytics and AI
- Creating rules for the right to be forgotten
- Making more strict rules on consent
Overall, PIPEDA was a good starting point for data privacy but it is not enough. In today’s digital world, data’s status as king is more and more obvious. As a result, companies are doing everything they can to collect our data. From pulling data from cookies and our “connected” accessories, it’s becoming more difficult to know what data we are sharing. Consequently, new rules for digital data collection are needed. Consumers need to be protected and aware of how their data is being collected and used on the digital front.
We’d love to chat! For all things digital, reach out to us at firstname.lastname@example.org