CPO TO GO

When Canada enacted its private sector legislation (the Personal Information Protection and Electronic Documents Act, or PIPEDA), it followed a process that few other countries used.  The Canadian process began with a National Standard, prepared through the auspices of the Canadian Standards Association.  The CSA is a standards development body better known for its work in electrical wiring and hockey helmets than for data protection.  But the CSA privacy code was at the center of later developments.

The Canadian code for the protection of personal information emerged from a multi-stakeholder committee composed of representatives of industry, consumers, government and other interests and organizations such as unions,.  The fundamental principle which all agreed on was that the code should be common sense.  That was a good start, but the code became PIPEDA, and law isn’t as common sense as everyone would like.  Market changes and international developments added complexity to privacy, and these factors continue to affect organizations in Canada.

Digital Discretion can make it easy for your organization to meet customer expectations for the protection of personal information, to manage your information assets, to fulfill your legal obligations, and to protect your organization from privacy risks,  Not every organization can afford to have a dedicated Chief Privacy Officer whose only job is compliance with privacy legislation, but everyone is accountable under the law, so it is important to ensure that you are compliant. Digital Discretion’s services are useful for any organization, whether commercial, non-profit, or governmental.

Digital Discretion offers three tiers of services:

Tier 1:  Basic privacy compliance:
·      A scan of your practices with respect to personal information;
·
      Development of a privacy policy for your organization that complies with PIPEDA and reflects your organization’s operations, needs, and culture;
·
      Training of key personnel in the policy; and
·
      Briefing of senior management on privacy roles and responsibilities.

Tier 2:  Enhanced privacy services:
·
      All services in Tier 1; plus
·
      Preparation of materials (including website content) for communication to clients, forms for access to information, complaints, etc.;
·
      Detailed risk assessment of your business to ensure management is aware of risks and trends; and
·
      Ongoing support in case of complaints, complex requests, security breaches, changes in the law, or changes in your operational requirements, at an hourly rate.

Tier 3:  CPOtoGO
·
     All services in Tier 2; plus
·
     Annual assessment of business practices;
·
     Annual review of the policy and forms to ensure compliance;
·
     Annual training of key staff;
·
     Regular and on-demand briefing of Senior Managment on roles, risks, and trends;
·
     Special reports on emerging issues as they arise and are relevant to your operations;
·
     Access to our experts at any time on privacy questions; and
·
     Crisis management services, such as complaint handling, advice on security audits, crisis communications, and breach management.

All services come at a base price depending on the size and complexity of your organization, and hourly rates for additional as and when services.  CPOtoGO is designed to give you and your organization the confidence to move forward on your privacy plan, without tying up your own human resources to become experts in a rapidly changing field.  Know who to call when you have a privacy problem?  You do when you are a CPOtoGO subscriber!

Why Digital Discretion?

Stephanie Perrin and Heather Black worked for several years on the drafting of PIPEDA, and then wrote a text explaining it, entitled The Personal Information Protection and Electronic Documents Act, an Annotated Guide (Irwin Law, Toronto, 2001).  Black went on to become first legal Counsel at the Office of the Privacy Commissioner, interpreting the new law, and then the Assistant Commissioner for PIPEDA until her retirement in 2008.  We know this law well, and we can guide you through compliance with it and with provincial law which is substantially similar.  Digital Discretion’s associates have knowledge and experience in privacy matters around Canada and around the globe.   If your organization needs to confront any privacy law, problem, or need, Digital Discretion can help you decide what to do, can help you do it, and can do it for you.

© Digital Discretion 2013