First Reference company logo

First Reference Talks

News and Discussions on Payroll, HR & Employment Law

decorative image

PIPEDA

Privacy Commissioner of Canada provides guidance on meaningful consent

Obtaining meaningful consent represents a significant responsibility, and the Privacy Commissioner has created a checklist to assist organizations in achieving compliance.

 

, , , , , , , ,

Privacy Commissioner of Canada provides guidance on inappropriate data practices

The Privacy Commissioner has outlined several “No-Go Zones”, and organizations are recommended to avoid collection, use and disclosure of personal information for these inappropriate purposes.

 

, , , , , , , , , , , , , , , , , ,

The European Union’s General Data Protection Regulation (GDPR) took effect on May 25, 2018 – what does this mean for Canadian organizations?

When determining whether the GDPR applies to our organization, it is important to ask questions such as, “Do I have an establishment in the EU?”, “Do I offer goods or services to individuals in the EU?”, and “Do I monitor the behaviour of individuals in the EU?”

 

, , , , , , , , , , , , , ,

Privacy Commissioner of Canada creates draft guidance document outlining inappropriate data practices and no-go zones

On September 28, 2017, the Privacy Commissioner of Canada created a draft guidance document providing clarification on inappropriate data practices, specifically focusing on subsection 5(3) of the Personal Information Protection and Electronic Documents Act (PIPEDA). This provision is entitled, “Appropriate purposes”, and states that, “an organization may collect, use or disclose personal information only for purposes that a reasonable person would consider are appropriate in the circumstances”.

 

, , , , , , , , , ,

Proposed privacy breach of security safeguards under PIPEDA

Organizations that have control over an individual’s personal information are recommended to become familiar with the proposed requirements so that they are prepared to respond to the changes.

 

, , , , ,

PHIPA fines in the workplace

This spring the largest penalty to date was issued under Ontario’s Personal Health Information Protection Act (PHIPA). A social work student was convicted of accessing personal health information without authorization, and ordered pay a $20,000 fine and a $5,000 victim fine surcharge.

 

, , , , , , , , ,

HR and IT: An uneasy alliance

HR is being called on to focus primarily on strategic goals and to add increasing value to organizations. The other field that has become an integral part of business is technology. It is therefore not surprising that in HRs effort to become increasingly relevant, IT is being leveraged in the execution of the HR function in an increasing number of ways. This e–HR revolution has taken many forms, from applicant tracking systems, to machine learning in recruitment and selection to software driven onboarding and employee HR support. The consequence of this is that more and more HR activities are being executed electronically—by a computer instead of by a person.

 

, , , , , , , , , , , , ,

Principle of accountability under PIPEDA

Under Personal Information Protection and Electronic Documents Act (PIPEDA), there is nothing that prevents organizations from outsourcing the processing of data inside or outside of Canada—however, organizations must take all reasonable steps to protect that information from unauthorized uses and disclosures when it is in the hands of third party processors. This is where accountability, the first principle in PIPEDA, comes in; and there are obligations to meet regarding training staff that are highly relevant.

 

, , , , , , , ,

“Safeguarding” personal information clarified

You may be wondering, what exactly is “safeguarding” personal information? Thankfully, the Office of the Privacy Commissioner of Canada has clarified how safeguarding can reduce the risk of privacy breaches.

 

, , , , , , ,

Three popular articles this week on HRinfodesk

The three popular articles this week on HRinfodesk deal with: an employee who described their workplace as a “sh*t hole” on Facebook was found to be justly terminated; how to prepare for marijuana legalization in Canada; and a pension and benefit plan provider who breached privacy law, causing an employee to lose life insurance coverage.

 

, , , , , , , , , , , , , , , ,

Loose lips sink shifts?

A recent online article reported that two seventeen-year-old employees were fired from a Kansas City pizza joint for talking about their pay rates. Both were new employees with the same experience, and the female employee discovered she was earning $0.25/hour less than her male co-worker. When she contacted her employer for an explanation, she was fired for discussing wages with a co-worker, as was the male co-worker. The employer advised that discussing pay was against employer policy, even though both employees stated that such policy was never disclosed to them.

 

, , , , , , , , , , , , , , , , , , , ,

Three popular articles this week on HRinfodesk

The three popular articles this week on HRinfodesk deal with: An employee’s complaint regarding video surveillance cameras pointed toward her work area without the employer informing her of the installation; an FAQ that looks at an employer’s overpayment of vacation pay on a former employee’s final pay; and the Ontario Ministry of Labour’s plan to conduct targeted employment standards and occupational health and safety blitzes in workplaces across the province over the next year.

 

, , , , , , , , , , , ,

Digital Privacy Act is now law

The Digital Privacy Act (Bill S-4) passed into law, introducing (among other things) significant fines and mandatory breach notification (not yet in force) into the Personal Information Protection and Electronic Documents Act (PIPEDA).

 

, , , , , , , , , ,

Personal information and medical leaves – careful what you disclose

I recently read an interesting case made by the Office of the Privacy Commissioner of Canada (decision 2014 – 014) stating that under subsection 5(3) of the Personal Information Protection and Electronic Documents Act (PIPEDA) that the employer’s purposes for disclosing the employee’s personal information regarding his medical leave were not appropriate in the circumstances and were not necessary for the organization to meet its employee schedule management needs in the context of its work environment.

 

, , , , , , , ,

Three popular articles this week on HRinfodesk

Three popular articles this week on HRinfodesk deal with the Expedia annual vacation survey; the state of privacy in Canada; and, Alberta’s new progressive personal income tax system.

 

, , , , , , , , , , ,

Previous Posts