PRIVACY IMPACT ASSESSMENTS – FOR PRIVATE SECTOR BUSINESSES
Being more privacy cognizant as a private sector corporation has been proven to be fruitful and increase the likelihood for success of your business. Some businesses have incorporated privacy changes at their own volition, whereas others have borne the brunt of failing to implement privacy considerations in their design. For instance, Facebook stands to lose $10 billion this year due to Apple’s minor iOS privacy change.
When users were given the choice to opt out of the tracking behaviour mechanism on Apple’s iOS, the majority of people did so. As such, other companies who relied on the previously non-consensual data tracking behavior of users, provided by Apple, were gravely damaged by this change. Especially for businesses like Facebook, as much of their revenue is grounded in targeted advertising. This is just one example of the way in which being privacy proactive is imperative for the success of your business and why privacy impact assessments are integral for taking your business to the next level.
Privacy impact assessments are a tool that will allow you to gain an overarching understanding of where your business falls on the spectrum of upholding privacy considerations. In doing so, you can gauge how you can implement certain changes to be privacy compliant. As such, a privacy impact assessment can assist in ensuring that your business is not only upholding current privacy standards as they are, but also serves as a mechanism for your business to incorporate privacy best practices company wide. In doing so, your business will thrive by upholding privacy concerns internally, as well as externally and thereby foster more trust among you and your clients by being privacy compliant.
In Canada there is federal and provincial privacy legislation. Federal legislation when it comes to privacy is as follows:
(i) Privacy Act
• specific to public sector compliance,
(ii) Personal Information Protection and Electronic Documents Act (“PIPEDA”)
• specific to private-sector, for-profit organizations collection, use and dissemination of personal information that are not federally regulated
In Ontario there is health specific, provincial legislation when it comes to privacy:
(iii) Personal Health Information Protection Act, 2004, S.O. 2004, c. 3, Sched. A
By conducting a privacy impact assessment your business will be equipped with understanding where it falls short in terms of being privacy compliant in relation to the above noted legislations, assist in finding how to improve to be compliant, and further to assist you in the way in which you can be better to which ultimately garner more clients and continue to grow your business.