E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants

Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


Source: itBusiness.ca

Posted on November 21, 2002

      Canada's privacy commissioner George Radwanski is urging HR professionals to build a privacy policy into their employee records-keeping systems before implementing changes to IT.

      Doing due diligence up front will help prevent potential employee/employer conflicts over personal files down the line, he said. " 'Oops' is not a defence when it comes to violations of privacy," said Radwanski, who Wednesday addressed a group of public and private sector human resources managers.

      Several Canadian provinces are in the process of designing privacy legislation and may take their cue from the federal Personal Information Protection and Electronic Documents Act (PIPEDA), which governs federally-regulated industries like banking and broadcasting and began rolling out earlier this year.

      The guiding principle behind PIPEDA is the "reasonable person test." Would a reasonable person consider a privacy stipulation appropriate under the circumstances? "That's one of the most important provisions of the PIPED Act, and I expect it to figure in provincial legislation too. It's sort of a privacy touchstone," Radwanski said.

      "Even if you happen to be in a province that doesn't pass such legislation," he added, "you're going to have a pretty unhappy work force if you disregard their privacy rights in ways that would be illegal in most other provinces."

      Radwanski said issues to be addressed before installing or updating a personal records management system include: the type of information collected, the person collecting it, the range of consent provided by employees, and how it will be linked to existing data.

      It's important to pinpoint the individual who is in charge of all these provisions and make sure employees are kept in the loop through the project. It's also an excellent way of making sure that everyone involved -- HR personnel, IT staff and the affected employees -- understands the system and their access rights, he said.

      The challenges of records-keeping and meeting the strictures of privacy legislation are numerous, said Wendy Chiu, director of human resources management systems, Rogers Communications Inc., based in Toronto. But the situation can be more complicated when a third party is introduced. Rogers doesn't outsource its HR functions, said Chiu, but is getting its insurance and pension providers more involved in records management. "Although there's definite efficiencies and savings that come out of that . . . you have to make sure employees are aware that is being done."

      Rogers is also moving to more of a self-service model for employee benefits, which means employees will be accessing and providing data online. For every change made to internal HR systems, there is an accompanying review, said Chiu, to ensure privacy measures are in place. But, she said, "the technology is getting implemented at a fairly quick rate. Overall, I think there needs to be a better understanding of what (privacy legislation) means to us as we move some of this stuff online."

      Even existing legislation like PIPEDA can't cover all the bases, said Radwanski, and it's up to companies and government agencies to observe the spirit of the law as much as the letter. Employee consent to data collection is at the core of PIPEDA, he said, and it behooves employers to bear that in mind. "If you don't do it, nine times out of 10, it won't be a problem," he said. "But on the 10th time it can be a pain. You can't go wrong by seeking consent."

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold Chartered Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.