The Privacy Commissioner of Canada has an Interpretation Bulletin dealing with privacy safeguards that can serve as helpful guidance for organizations who are subject to the Personal Information Protection and Electronic Documents Act (PIPEDA).
Many of us have called service providers to change basic information, such as a mailing address. You pick up the phone, speak to a representative, and the change is made; no big deal, right? This seamless scenario may not always be the case. Any little misstep on an organization's part can cause grief not only for the customer, but also for the organization itself. This proved to be true when an employee complained, to the Office of the Privacy Commissioner of Canada, that her employment pension and benefit provider disclosed her personal information to a third party without her consent.
The Digital Privacy Act (Bill S-4) passed into law, introducing (among other things) significant fines and mandatory breach notification (not yet in force) into the Personal Information Protection and Electronic Documents Act (PIPEDA).