Did you know that several laws and regulations apply to businesses in the private sector and that requirements regarding the security of your website and the personal data collected on it must be respected?
At the federal level, the Personal Information Protection and Electronic Documents Act (PIPEDA) governs the collection, use and disclosure of personal information in the course of commercial activity.
Several provinces, including Quebec, have adopted laws deemed substantially similar to the federal privacy law. However, PIPEDA continues to apply to any interprovincial or international activity of organizations covered by the Act, as well as to organizations regulated by the federal government such as banks, telecommunications companies and transportation companies.
In Quebec, the Act respecting the protection of personal information in the private sector aims to establish specific rules regarding personal information about others that a person collects, holds, uses or communicates to third parties in the course of operating a business.
Personal information is defined as any information/data that concerns a natural person and allows them to be identified. The Act applies to this personal information regardless of the nature of its medium and the form in which it is accessible: written, graphic, sound, visual, computerized or otherwise.
Some of the responsibilities set out in the Act respecting the protection of personal information in the private sector:
Any person carrying on an enterprise must take reasonable security measures to ensure the protection of personal information collected, used, communicated, stored or destroyed (section 10).
Any person carrying on an enterprise must ensure that the files they hold on others are up to date and accurate at the time they are used to make a decision relating to the person concerned (section 11).
The use of information is permitted only with the consent of the person concerned (section 12).
Consent to the collection, communication or use of personal information must be manifest, free, informed and given for specific purposes. This consent is valid only for the time necessary to achieve the purposes for which it was requested (section 14).
What does this mean for your business and what should you do?
Answering a few questions will help you determine the actions to take regarding the security of your website and the consent of the persons concerned:
1. Is your website secure?
1.1 Make sure you have a valid SSL/TLS certificate
This certificate is what proves to visitors' browsers that they are really connected to your server, and it is what allows the data exchanged between your web server and your visitors to be encrypted (over TLS, the protocol behind HTTPS). An expired, self-signed or wrongly issued certificate produces a browser warning and defeats both purposes.
1.2 Your website address (URL) should display HTTPS
Today, it is essential to have the “s” in https:// in your website address if you want to maintain credibility with your visitors and if you want browsers and Google to treat your site as secure. Google made this explicit with Chrome 68, released in July 2018: since that version, any page not served over HTTPS is labelled “Not secure” in the address bar.
1.3 Make sure that all “resources” (CSS files, JavaScript, images and other media) used on your pages are loaded via an HTTPS link
A page served over HTTPS that loads a script, stylesheet or image over plain http:// is “mixed content”: the browser flags the page as not fully secure and, in current versions, blocks the insecure scripts and stylesheets outright. Simply activating a certificate on your site is therefore not sufficient; every sub-resource must be HTTPS as well.
If you use WordPress, update the site address in the WordPress settings and replace the hard-coded http:// links stored in the database (page content, options) with their https:// equivalents, after taking a backup.
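A quick way to verify point 1.3 before (or after) switching a site to HTTPS is to scan the rendered HTML of each page for sub-resources that still point at http://. The following Python script is an added example written for this article, not code from the original page or from Kereon or Duo; the HTML it scans is a constructed sample and the domain names in it are placeholders. It uses only the standard library and flags the same kinds of references browsers treat as mixed content (scripts, stylesheets, images including srcset, media, frames and CSS url() values), while ignoring ordinary hyperlinks and canonical links, which are not fetched as sub-resources.

```python
"""Mixed-content scanner: lists sub-resources an HTTPS page would load over plain HTTP.

Added example (not from the original article). Run it against the HTML of a page
as the browser receives it; every finding is a resource to fix before the page
counts as fully secure.
"""
import re
from html.parser import HTMLParser

# Tag -> attributes that make the browser fetch a sub-resource.
# <a href> is deliberately absent: a hyperlink is not mixed content.
RESOURCE_ATTRS = {
    "script": ("src",),
    "link": ("href",),
    "img": ("src", "srcset"),
    "source": ("src", "srcset"),
    "video": ("src", "poster"),
    "audio": ("src",),
    "iframe": ("src",),
    "embed": ("src",),
    "object": ("data",),
}

# <link> is only a sub-resource for these rel values (canonical/alternate are not fetched).
FETCHED_LINK_RELS = {"stylesheet", "icon", "preload", "modulepreload", "prefetch"}

# url(http://...) inside <style> blocks or style="" attributes, with optional quotes.
_CSS_URL = re.compile(r"url\(\s*['\"]?(http://[^'\")\s]+)", re.IGNORECASE)


def _is_plain_http(url):
    # Protocol-relative (//host/path) and https:// URLs are fine on an HTTPS page.
    return url.strip().lower().startswith("http://")


class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []      # (tag, attribute, url)
        self._in_style = False  # True while inside a <style> element

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # HTMLParser already lower-cases tag and attribute names
        if tag == "style":
            self._in_style = True

        # Inline style="background: url(http://...)"
        for url in _CSS_URL.findall(attrs.get("style") or ""):
            self.findings.append((tag, "style", url))

        if tag == "link":
            rel = set((attrs.get("rel") or "").lower().split())
            if not rel & FETCHED_LINK_RELS:
                return

        for attr in RESOURCE_ATTRS.get(tag, ()):
            value = attrs.get(attr)
            if not value:
                continue
            if attr == "srcset":
                # srcset = "url1 2x, url2 3x": take the URL of each candidate
                candidates = [c.strip().split()[0] for c in value.split(",") if c.strip()]
            else:
                candidates = [value]
            for url in candidates:
                if _is_plain_http(url):
                    self.findings.append((tag, attr, url.strip()))

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        # Text of a <style> block: catch url(http://...) in the stylesheet itself
        if self._in_style:
            for url in _CSS_URL.findall(data):
                self.findings.append(("style", "url()", url))


def find_mixed_content(html):
    """Return a list of (tag, attribute, url) for every plain-http sub-resource."""
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page (placeholder hosts); mixes fixed and unfixed references.
SAMPLE_PAGE = """<!doctype html>
<html><head>
<link rel="stylesheet" href="http://cdn.example.com/site.css">
<link rel="canonical" href="http://www.example.com/page">
<script src="https://cdn.example.com/app.js"></script>
<script src="http://cdn.example.com/tracker.js"></script>
<style>body { background: url(http://img.example.com/bg.png); }</style>
</head><body>
<img src="//img.example.com/logo.png" srcset="http://img.example.com/logo@2x.png 2x, https://img.example.com/logo@3x.png 3x">
<div style="background-image: url('http://img.example.com/hero.jpg')"></div>
<a href="http://partner.example.com/">Partner</a>
<iframe src="https://www.youtube.com/embed/abc"></iframe>
</body></html>"""

if __name__ == "__main__":
    for tag, attr, url in find_mixed_content(SAMPLE_PAGE):
        print(f"mixed content: <{tag} {attr}> {url}")
```

Run it on the HTML of each page (for example the output of `curl -s https://your-site/`), and treat an empty result as the goal. Note that scripts added at run time by other scripts will not appear in static HTML, so also check the browser's developer console, which reports mixed content as it is loaded. As a safety net while you fix the links, the HTTP response header `Content-Security-Policy: upgrade-insecure-requests` tells modern browsers to rewrite http:// sub-resource requests to https:// before sending them; it is a stopgap for the browser side, not a substitute for correcting the links themselves.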
1.4 Make sure your web browser is up to date
Keep your web browser up to date so that security patches are applied promptly. The same discipline applies to the software that runs your site (web server, WordPress core and its plugins): an unpatched component is one of the most common ways a known vulnerability is exploited to expose your personal data or that of your clients to cybercriminals.
2. Does the content of your website comply with the requirements of current privacy laws and regulations?
2.1 Privacy statement, policy or notice
Create or adjust your privacy statement: it must indicate what personal data is collected and how the company uses it. It must inform website visitors of your practices regarding the collection, use and disclosure of the information collected.
2.2 Communication of your privacy statement
Notify your clients by email of the publication or new versions of your privacy statement. Also, make sure it is clearly visible and easily accessible on the website as well as in all data collection forms, for example contact forms.
2.3 Clear and explicit consent on data collection forms
Make sure you obtain explicit consent in your data collection forms: an unticked box the person must actively check, not a pre-ticked one. The consent process must be simple, distinct from the general terms and conditions, and consent requests must be written in clear and concise language. The form must also inform individuals of the organizations and third parties that will receive or use their personal data.
Do you clearly know the origin of your contacts and how they ended up in your marketing distribution lists? You should be able to:
Know and keep track of the source of your contacts in a register and know from which geographical location your contacts originate.
Maintain a register of individuals or companies who have requested not to be contacted or to be removed from your distribution lists.
Be able to explain how consent was obtained for your distribution lists (email, paper, other).
Demonstrate that contacts collected through your web forms have consented to the use of their personal data in a clear and explicit manner.
Demonstrate that you have properly handled requests for access to or removal of personal data by an individual concerned.
Demonstrate that you comply with the requirements of laws and regulations applicable to your business, including the GDPR if you do business with the European Union or if you process data from residents of the European Union.
Stay tuned for our upcoming topics related to the protection of personal information and privacy in collaboration with Kereon, a specialist in information security!
Do you have questions about the potential impacts on your business?
We can help you!
For changes to your website content or marketing needs, contact Duo – Lettreur Nord-Sud.
For your needs regarding compliance with laws and regulations, information security and employee awareness, contact us at: [email protected] or by phone at 514 418-2550 or visit the Kereon website.
Reference documents:
The Act respecting the protection of personal information in the private sector in Quebec
The Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada
Government of Canada: Privacy Toolkit for Businesses
European Union: General Data Protection Regulation