The COVID-19 pandemic changed the way people do business. For many businesses, government regulations currently require operators to record the name and contact information of every person who enters the establishment and to maintain these records for at least one month. The purpose of this is to assist with contact tracing should a COVID-19 outbreak occur at an establishment. For other businesses, collecting personal information is a by-product of increasingly doing business online.
Business owners must be aware of the implications when collecting this sort of private information and the laws that govern its collection. In particular, the federal Personal Information Protection and Electronic Documents Act SC 2000, c5 (PIPEDA), sets the ground rules for handling personal information in the course of commercial activities. This act applies whether businesses are collecting personal information in person or online.
The following are best practices that businesses should adopt in order to be compliant with PIPEDA and other applicable privacy laws:
- Understand and identify the purpose for collecting private information. Do not collect more information than is necessary.
- Adopt privacy policies and procedures that set out the reason for collecting information, the length of time the information will be stored and its destruction procedure. Do not collect any information contrary to these procedures.
- Appoint someone to be responsible for privacy issues.
- Make information about your privacy policies and procedures available to customers.
- Inform customers of the purpose for collecting this information and obtain consent.
- Keep the information only for as long as is necessary and then destroy it using proper procedures.
- Use proper safeguards when storing the information. Do not leave the information in plain sight and keep it safe.
- Develop a simple and easily accessible complaint procedure. If a customer contacts you about a privacy concern, the customer should be informed about avenues of recourse.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.