When a person does business with a company, they do more than simply exchange money for a product or service. Unless they pay in cash, they also leave behind a trail of personal information about themselves. Their name, address, credit card number and spending habits are all information of great value to them and other people, whether that’s a legitimate marketer or an identity thief.
Without question, many organizations need to collect personal information about consumers for their legitimate business purposes.
However, there are rules to ensure that companies advise consumers about their intent to collect and use their personal information, and obtain their consent. They must also manage the consumer’s information in a way that safeguards their privacy and lessens the chances that their personal information will fall into the wrong hands.
Those rules are set out in the Personal Information Protection and Electronic Documents Act, usually referred to as PIPEDA.
The following are 5 points to consider when it comes to the rights of the consumer under PIPEDA
1. Seeing the personal information
If a consumer wants to see the information that an organization holds about them, they have the right to view that information. The organization must give the information within a reasonable time and at minimal or no cost. There are, however, exceptions, such as if disclosure would threaten somebody else’s life or security.
2. Correcting the record
If a consumer finds errors or omissions in the records that an organization keeps about them, they have the right to have them corrected. If the organization refuses to correct its records, the consumer may require it to attach a statement of your disagreement to the file. This statement must be passed on to any other organization that has access to the information.
3. Considering a complaint
The consumer is entitled to file a complaint if they believe a business is violating any provision of PIPEDA.
For example, a consumer might complain if they run into trouble obtaining their personal information, if an organization refuses to correct information they consider inaccurate or incomplete, or if they suspect their personal information has been improperly collected, used or disclosed.
Under PIPEDA, organizations must have on staff a person who is responsible for privacy issues.
4. Filing a complaint
The Privacy Commissioner is an independent ombudsman who tries to resolve disputes through negotiation, mediation and conciliation. You don’t need to hire special advisers and there is no fee to make a complaint to the Privacy Commissioner.
The Commissioner has the power to investigate and try to resolve the complaint. The Commissioner may also ask the organization to release the consumer’s personal information to them or to correct inaccuracies. The business may also be urged to change its personal information-handling practices.
At the end of the investigation, the Commissioner will report findings to both the consumer and the organization with which they had the dispute.
5. Going to court
If the Privacy Commissioner’s report still has not addressed the consumer’s concerns, they may, under certain circumstances, take their complaint to the Federal Court of Canada.
In cases where the Privacy Commissioner supports the consumer’s position but has been unable to resolve the dispute, the Commissioner may also choose to take the complaint to court on the consumer’s behalf.
The court can order the organization to correct practices that do not comply with the law, and to publish notices of the changes it expects to make. It can also award the consumer with compensation for damages you suffered, such as humiliation.
To better understand archiving and compliance regulations,