how the new privacy laws affect your website
Starting in January, 2004, the Canadian government's new Personal Information Protection and Electronic Documents Act (PIPEDA) will extend to websites that collect, use, or disclose personal information in the course of any commercial activity within a province.
What is considered personal information?
Personal information can take many forms, such as:
- name, address, phone number, email address
- survey information such as evaluations, opinions, or comments
- credit card information
- resumes and other career information submitted into job search sites
- automatically submitted information such as IP addresses in web statistics
How do I comply with PIPEDA?
The following key recommendations will help ensure that your organization complies with the new Act and provides a secure environment for its users:
- Be Accountable
Have a concise Privacy Policy that is easily accessible on your website. It should outline the purposes for which you collect personal information, describe the security measures used to store that information, state that the information will not be sold to third-party vendors, and provide a contact method for inquiries or complaints.
- Identify the Purpose of Collection
At the point of the personal information collection, make sure to clearly identify the purpose of the collection. For example, at the sign-up page for a newsletter, specify that the information will only be used for sending out the newsletter. Many websites now have checkboxes that allow users to choose additional options such as "send me the X newsletter" and "send me additional information about X".
- Obtain Consent
When collecting personal information for items such as newsletters, you must obtain the user's consent to use the information for that purpose. Many websites ask the user to check off their options as consent as part of the submission form, such as "send me the X newsletter". Record the consent received so that you have proof if it is needed at a later time.
- Limit the Amount of Information Collected
You should limit your collection of information to what is needed for your purposes. For example, if you are asking the user to enter personal information to receive a digital newsletter, you should only be asking for their email address and perhaps their name for personalization. An address would be inappropriate as the newsletter would be sent digitally, unless you are customizing by region.
- Limit the Use and Retention of Information
Use and disclose personal information only for the purposes for which it was collected, and keep it only for as long as necessary. For example, you should discard personal information submitted for an online contest once the contest is finished, and not use that information to send the users promotional material.
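The last four recommendations (identify the purpose, obtain and record consent, limit collection, limit use and retention) translate directly into a small amount of data-handling logic. The following is an added example written for this article, not code from the article's author or from New Mediatrix. It assumes a hypothetical site with two purposes, a "newsletter" and a "contest", and uses constructed sample submissions; the field names and retention period are assumptions for illustration. It shows three checks a site can make: reject form fields that are not needed for the stated purpose, refuse any use of personal information that the recorded consent does not cover, and purge records once their retention period has passed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set

# Hypothetical purposes and the fields each one genuinely needs (assumption).
# "Limit the Amount of Information Collected": a newsletter needs an email
# address and, optionally, a name; a postal address is not required.
REQUIRED_FIELDS: Dict[str, Set[str]] = {
    "newsletter": {"email"},
    "regional_newsletter": {"email", "region"},   # region only if customizing by region
    "contest": {"email", "name"},
}
OPTIONAL_FIELDS: Dict[str, Set[str]] = {
    "newsletter": {"name"},
    "regional_newsletter": {"name"},
    "contest": set(),
}


def excess_fields(purpose: str, submitted: Set[str]) -> Set[str]:
    """Return submitted fields that the stated purpose does not justify collecting."""
    allowed = REQUIRED_FIELDS[purpose] | OPTIONAL_FIELDS[purpose]
    return submitted - allowed


def missing_fields(purpose: str, submitted: Set[str]) -> Set[str]:
    """Return required fields the form did not supply."""
    return REQUIRED_FIELDS[purpose] - submitted


@dataclass
class ConsentRecord:
    """Proof of consent: who, for which purposes, when, and for how long."""
    email: str
    purposes: Set[str]
    granted_at: datetime
    retain_until: Optional[datetime]   # None means "until the user withdraws"


class PersonalDataStore:
    """Purpose-limited store: every use is checked against recorded consent."""

    def __init__(self) -> None:
        self._records: Dict[str, ConsentRecord] = {}

    def record_consent(self, email: str, purposes: Set[str],
                       granted_at: datetime,
                       retain_until: Optional[datetime] = None) -> None:
        # Keep the consent itself so it can be produced later as proof.
        self._records[email] = ConsentRecord(email, set(purposes), granted_at, retain_until)

    def may_use(self, email: str, purpose: str, now: datetime) -> bool:
        """True only if consent for exactly this purpose is on file and unexpired."""
        rec = self._records.get(email)
        if rec is None:
            return False
        if rec.retain_until is not None and now >= rec.retain_until:
            return False
        return purpose in rec.purposes

    def withdraw(self, email: str) -> None:
        """User withdraws consent: drop the record entirely."""
        self._records.pop(email, None)

    def purge_expired(self, now: datetime) -> List[str]:
        """Discard records whose retention period has ended (e.g. a finished contest)."""
        expired = sorted(e for e, r in self._records.items()
                         if r.retain_until is not None and now >= r.retain_until)
        for email in expired:
            del self._records[email]
        return expired


if __name__ == "__main__":
    # Constructed sample data for a stand-alone run.
    t0 = datetime(2004, 1, 15, tzinfo=timezone.utc)
    print("excess:", excess_fields("newsletter", {"email", "name", "address"}))
    store = PersonalDataStore()
    store.record_consent("reader@example.com", {"newsletter"}, t0)
    store.record_consent("entrant@example.com", {"contest"}, t0,
                         retain_until=t0 + timedelta(days=30))
    print("promo to entrant allowed:", store.may_use("entrant@example.com", "promotions", t0))
    print("purged:", store.purge_expired(t0 + timedelta(days=31)))
```

The important design choice is that `may_use` takes the purpose as an argument: code that sends promotional material has to ask for "promotions", and a contest entrant who only consented to "contest" is refused, which is the behaviour the recommendation above calls for.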
Getting your website privacy-compliant does not have to be a burden: the key recommendations above, together with a few corporate and database strategies, will have you on your way to a PIPEDA-compliant site in no time.
Take the PIPEDA Privacy Quiz and check your Privacy Act knowledge.
Contact New Mediatrix for an assessment of your website to see if it meets PIPEDA standards.