In Canada, privacy regulations can be slightly different in each province, but the Personal Information Protection and Electronic Documents Act (PIPEDA) is a federal law that is binding in most provinces. In Quebec, Alberta and British Columbia, there are provincial acts that are substantially similar to PIPEDA that govern privacy. In Ontario, New Brunswick and Newfoundland and Labrador, there are provincial acts which apply to health information. If your business has an online presence, you should gain some familiarity with the appropriate privacy laws to make sure you are conducting business in compliance.
So what does this all mean for your Business?
- Users. How will a user actually interact with your website? Will there be more than one type of user? Does your website allow businesses to conduct transactions online (i.e. service providers and consumers)?
- Age of Users. Will your website be advertised to or potentially used by individuals under the age of 18? If so, there are extremely strict guidelines on the type of information you can collect.
- Information Gathered. What type of private information will be gathered by your website (i.e. financial information, medical information, personal identifying information)?
- Jurisdiction and Dispute Resolution. Where is your business located? Where do parties go if they have a dispute? How will disputes be resolved and what laws will apply?
- Third Party Apps. Are there third party applications that are integrated into your website (i.e. Google Apps, Twitter, Zapier, etc.)? Is personal information gathered from your users being provided to these third party applications?
- Secure Collection and Storage of Private Information. How are you collecting and storing personal private information?
- User-Generated Content. Are users allowed to post their own content to your website? What is your policy for offensive material?