Personal Information Protection and Electronic Documents Act

posted in: Uncategorized

Under the private sector law, Personal Information Protection and Electronic Documents Act (PIPEDA), it is virtually a requirement to have a CPO[i]. It is important for the corporation to know that this role is not window dressing. The role requires a privacy champion, an advocate who leads by example within their environment, someone who promotes a philosophy of privacy, and who protects the organization from relevant liability[ii].

“The ultimate role of the Chief Privacy Officer (CPO) is to build a culture of privacy and the structures that will protect it”[iii], or in other words, the CPO puts flesh to the bones of privacy and access laws, as expressed within their organization’s policies[iv]. In my opinion and well supported throughout this module’s reading, this is done by the CPO holding a position of authority within the corporate structure, and having an office equivalent to other senior management with access to the highest levels of authority.

The CPO should be in a senior position with authority to implement necessary change and have access to resources to get the job done. The CPO does not necessarily need to be a lawyer or Information Technologist, but they do need to have an understanding of privacy (and sensitivity to) issues, the rights and responsibilities that flow from attempting to strike a balance between privacy and access laws, and knowledge of the capabilities and implications of evolving technology[v].

[i] Radwanski, G. (2002, February 12). [Speech transcript]. Retrieved from the Office of the Privacy Commissioner of Canada website: https://www.priv.gc.ca/media/spd/02_05_a_020212_e.asp (Page 2 of 10 printed)

[ii] EXIAPP8174: Privacy Applications: Issues and Practices, Module 1, Fall 2018, Page 2 of 20

[iii] EXIAPP8174: Privacy Applications: Issues and Practices, Module 1, Fall 2018, Page 2 of 20

[iv] EXIAPP8174: Privacy Applications: Issues and Practices, Module 1, Fall 2018, Page 2 of 20

[v] Radwanski, G. (2002, February 12). [Speech transcript]. Retrieved from the Office of the Privacy Commissioner of Canada website: https://www.priv.gc.ca/media/spd/02_05_a_020212_e.asp (Page 2 of 10 printed)

Please follow and like us:

Leave a Reply

Your email address will not be published. Required fields are marked *