Under Personal Information Protection and Electronic Documents Act (PIPEDA), there is nothing that prevents organizations from outsourcing the processing of data inside or outside of Canada—however, organizations must take all reasonable steps to protect that information from unauthorized uses and disclosures when it is in the hands of third party processors. This is where accountability, the first principle in PIPEDA, comes in; and there are obligations to meet regarding training staff that are highly relevant.
You may be wondering, what exactly is “safeguarding” personal information? Thankfully, the Office of the Privacy Commissioner of Canada has clarified how safeguarding can reduce the risk of privacy breaches.
Clear Path recently challenged what could be considered a precedent-setting decision from the Workplace Safety and Insurance Board (WSIB) that would have put certain employers at a serious disadvantage.
Employees have taken work home with them on laptops, portable media and via email for many years. Since the advent of the smartphone, however, the scale of the practice has expanded dramatically, and data is now more likely in workers’ pockets or purses than on their desks at home.
Employers are increasingly drafting and implementing bring-your-own-device (BYOD) policies for their employees. And they should be, since employees are increasingly using their personal digital devices—phones, tablets, laptops—to perform work, both in and out of the workplace. But employees may have trouble trusting their employers to stay out of their personal information…
A weekend Toronto Star article reported that employees at the Canada Revenue Agency are improperly reviewing the private financial affairs of taxpayers. Some are using agency computers to give favoured treatment to colleagues, friends, family—and themselves…