The Canadian Standards Association Monday said it would offer an interactive CD-ROM for Canadian organizations to use in order to provide guidance in preparing for the final phase of the national privacy law.
The Personal Information
Protection and Electronic Documents Act (PIPEDA), which has been applied to certain sectors since January 2001, will extend to every organization that collects, uses or discloses information in the course of commercial activity within Canada on New Year’s Day 2004. The problem, according to Richard Rosenberg, a professor in the department of computer science at the University of British Columbia and the vice-president of Electronic Frontier Canada, is that not enough Canadians are educated on what the Act means.
“”Individual Canadians aren’t well informed,”” Rosenberg said. “”It’s been a major responsibility of the federal privacy commissioner’s office to engage Canadians, hold public meetings and discuss with Canadians what it means, but that’s where he (George Radwanski, former privacy commissioner) fell down.””
This lack of education, Rosenberg said, is going to mean that smaller businesses in this country will be scrambling to meet the deadline over the next half year.
“”Large companies have taken it seriously because they’ll be the initial targets if things get tied up, but a good number of small companies are going to have some problems if they don’t get on the ball in the next six months,”” he said. “”It’s going to be an additional expense for them, but first they have to be aware of the law and understand it in terms of the business — what it means for their customers or clients, and what kinds of changes it means in terms of business practices.””
Michael Geist, technology counsel with Osler, Hoskin & Harcourt and a law professor at the University of Ottawa, said that he expects many firms are not going to be compliant with the law.
“”There are two sides to the coin — first, that business will not disclose sufficient information regarding the use and potential disclosure of the personal information being collected and therefore will not have proper consent for its use,”” Geist said. “”Second, that businesses will not be ready for the access requests that individuals may make to learn precisely what a business has in their personal information file.””
This is precisely what CSA’s program is hoping to prevent with its CD-ROM.
Josèe Gauthier, the Mississauga, Ont.-based product manager for the CD-ROM at CSA Group, said the program was developed to address any confusion surrounding the Act.
“”We felt that as Jan. 1, 2004 is going to be coming, people are getting more nervous about how they’ll be affected by privacy. This is a resource tool to help people understand what privacy is and the principles are and things they have to look for,”” she said.
The program contains approximately 400 pages worth of information divided into seven section. It reviews the code and provides a detailed understanding of each of the principles within the code.
According to Gauthier, the program targets specific job titles such as HR managers, marketing managers and network operations managers and demonstrates how to apply the Act accordingly.
Like Rosenberg, Geist said that that despite the best efforts of professional service firms such as lawyers, accountants and consultants, along with groups such as the CSA, the Canadian Bankers Association and the government, many organizations are unaware of their forthcoming obligations under the law.
“”Their awareness often begins and ends with the recent controversy involving the now-former privacy commissioner of Canada,”” Geist said.
Comment: [email protected]