The accountability guidance assists organizations in considering
the following essential elements of demonstrating accountability
under privacy legislation in Canada. In particular, privacy
legislation in Canada is typically interpreted as requiring:
Privacy Officer. The appointment of a
designated person to oversee compliance with Canadian privacy
legislation. In larger organizations, this may require a privacy
group or office.
Policies & Education. The establishment of
privacy policies and processes for training and on-going training
of employees with respect to those policies.
Governance of Third-Party Processors. The
inclusion of privacy guarantees and audit rights with respect to
the organization's third-party processors of personal
Inquiries & Complaints. Systems to
identify requests for access and correction of personal information
or complaints regarding the collection, use, retention or
disclosure of personal information and trained staff to respond to
those requests and complaints. This also requires organizations to
understand what personal information they have collected and who
has custody of it.
Risk Assessment. Organizations are responsible
for engaging in risk assessment in all aspects of the life-cycle of
personal information – collection, uses, new uses,
retention, disclosure and destruction of information –
and to demonstrate risk-minimization strategies through
administrative, physical and technological procedures.
Breach Response Procedures. Organizations
should have breach detection and response protocols that are
compliant with general privacy principles and any applicable
mandatory breach notification requirements.
About Fraser Milner Casgrain LLP (FMC)
FMC is one of Canada's leading business and litigation law
firms with more than 500 lawyers in six full-service offices
located in the country's key business centres. We focus on
providing outstanding service and value to our clients, and we
strive to excel as a workplace of choice for our people. Regardless
of where you choose to do business in Canada, our strong team of
professionals possess knowledge and expertise on regional, national
and cross-border matters. FMC's well-earned reputation for
consistently delivering the highest quality legal services and
counsel to our clients is complemented by an ongoing commitment to
diversity and inclusion to broaden our insight and perspective on
our clients' needs. Visit:
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
The Personal Information Protection and Electronic Documents Act ("PIPEDA") does not prevent organizations from transferring personal information out of Canada, but instead leaves the decision – and accountability – up to the organization transferring the information.