Federal Privacy commissioner embarks on private privacy campaign

Privacy Commissioner of Canada Daniel Therrien

OTTAWA—The federal privacy commissioner wants to encourage private enterprise to respect your privacy and has embarked on a media campaign to coincide with the global observance of Data Privacy Day on January 28.

“Strong privacy practices are good for business,” said Privacy Commissioner of Canada Daniel Therrien in a news release warning “businesses that don’t have strong privacy controls risk losing their competitive advantage in today’s increasingly privacy conscious marketplace.”

The privacy commissioner’s message is not only designed for major companies, however. The campaign is also aimed at those “thousands of smaller businesses operating across Canada in tiny towns and bustling metropolises from coast, to coast, to coast.” This makes a lot of sense when one considers that 98 percent of companies operating in Canada employ fewer than 100 people.

“I understand that smaller businesses face many compliance pressures on top of day-to-day operational demands, but strong privacy practices are not just good for customers; they’re good for the bottom line,” said Privacy Commissioner Therrien. “Canadians are telling us that they prefer to do business with companies that have good privacy practices.”

The privacy commissioner notes that roughly a third of all private sector privacy complaints under Canada’s federal private sector privacy law, the Personal Information Protection and Electronic Documents Act, seem to involve smaller businesses.

The list of businesses, about which Canadians make privacy complaints, is extensive. It includes landlords, hotels, real estate agencies, collection agencies, travel agencies, independent local retailers and financial planners.

Commissioner Therrien says businesses often don’t realize that what they’re doing could create unnecessary risks for privacy.

Grievances involving smaller businesses include the improper use or sharing of a person’s information. This can be as simple as a misdirected letter, he says, and as serious as an employee snooping into a client’s personal file.

“Smaller businesses need to ask themselves what proactive measures they are taking to safeguard the privacy of their customers and to mitigate data breaches,” continued Commissioner Therrien.

“As we mark Data Privacy Day, I would encourage all businesses to use this opportunity to take stock of, and strengthen where necessary, their privacy practices. My office is here to help.”

The release from the Privacy Commission lists six key steps businesses can follow to get on the right privacy track. Those include: limiting the amount of customer information you collect to what is necessary for the purposes of delivering a product or service; making it clear to customers in an easy-to-understand privacy policy why you need and how you’ll handle their personal information; knowing exactly what data is being collected, how it’s stored, who has access to it, how long it’s kept as well as when and how that data is discarded; training staff on the importance of privacy protection; refraining from collecting sensitive information, such as health or financial data, if it is not required for the business transaction; and responding to customer requests for access to their personal information and designating a point person to respond to customer questions about privacy.

For more tools on privacy protection, visit www.priv.gc.ca/business.