The growing global trend for strong data protection laws is changing how organizations gather and use data. With privacy-focused product features and organizational processes, Piwik PRO is able to support companies in meeting the requirements of GDPR, HIPAA and many others.
One of the regulations that Piwik PRO helps organizations comply with is the Personal Information Protection and Electronic Documents Act (PIPEDA), a Canadian data protection law.
Compliance with PIPEDA shows our commitment to privacy and proves that we take measures to protect data and mitigate a broad range of security risks. By using our platform, our clients get a better opportunity to do the same for their organizations.
Below, we will explain how Piwik PRO helps you effectively collect users’ data and respect their rights.
What is PIPEDA?
PIPEDA is the Canadian federal privacy law designed to protect consumers’ privacy rights. The law sets the ground rules and governs how private-sector organizations collect, use, and disclose personal information in the course of commercial activity across Canada.
The Canadian act also covers businesses operating outside of Canada that offer products or services to Canadian residents.
Under PIPEDA, personal information includes any factual or subjective information, recorded or not, about an identifiable individual.
Examples of personal information include:
- Age, name, ID numbers
- Ethnic origin
- Blood type
- Opinions
- Income, credit records, loan records
- Medical records
- Existence of a dispute between a consumer and a merchant
Key requirements of PIPEDA
PIPEDA’s requirements are based on its 10 fair information principles.
These principles include:
- Accountability – PIPEDA requires organizations directly covered by PIPEDA to appoint a Privacy Officer.
- Identifying Purposes – Before or at the time of collecting personal information, organizations must identify and disclose the purposes for which the information is being collected.
- Consent – Organizations must obtain the individual’s consent before collecting, using, or disclosing personal information.
- Limiting Collection – The collection of personal information must be limited to what is necessary for the purposes identified by the organization.
- Limiting Use, Disclosure, and Retention – Personal information must only be used or disclosed for the purposes for which it was collected and for as long as necessary to fulfill them.
- Accuracy – Organizations must ensure that personal information is accurate, complete, and up-to-date as necessary for the purposes for which it is to be used.
- Safeguards – Organizations must implement security measures to protect personal information, appropriate to its sensitivity. The particular safeguards are not specified.
- Openness – Organizations must make their privacy policies and practices easily available to individuals.
- Individual Access – Individuals have a right to access their personal information, challenge its accuracy and have it amended.
- Challenging Compliance – Individuals must be able to challenge the organization’s compliance with PIPEDA’s requirements.
Learn more about PIPEDA and how to comply with it in our blog post: PIPEDA & CPPA: How the Canadian privacy laws impact your analytics.
How Piwik PRO helps clients comply with PIPEDA
Piwik PRO adopts privacy by design, which allows our clients to adhere to many data protection regulations, including PIPEDA. To better align with PIPEDA’s requirements, we have appointed a Privacy Officer (PO). As a third-party offshore vendor, Piwik PRO isn’t directly mandated to appoint a PO. However, the Privacy Officer helps us oversee compliance with the privacy requirements of our clients.
On top of that, Piwik PRO clients can benefit from product and organizational features that support their PIPEDA compliance. Specifically:
- Using Piwik PRO’s Consent Manager, customers are able to:
  - Obtain the individual’s consent before collecting, using, or disclosing personal information.
  - Collect consents for different data collection purposes.
  - Limit data collection to what is necessary to fulfill the specific purposes.
- Piwik PRO offers tools to effectively configure and limit data collection parameters to capture only relevant and accurate information, reducing the risk of collecting unnecessary or erroneous data. Our clients have full control over the tracking setup and can choose which data dimensions they collect by configuring their privacy settings.
- Piwik PRO holds SOC 2 Type II and ISO 27001 certifications and continuously works with third-party security researchers, demonstrating the presence of high-level security safeguards.
- Piwik PRO customers are informed about the disclosures they should make in their privacy policies detailing their use of Piwik PRO for data collection and processing.
- Piwik PRO clearly defines its data retention and termination processes.
- Piwik PRO enables and facilitates the collection and processing of individuals’ requests to access or amend the information gathered about them.
We are aware that maintaining legal compliance is an ongoing process. That’s why we will stay on top of PIPEDA’s requirements and any developments to ensure we adjust to them.
Thanks to that, your team can focus on optimizing the customer journey on your site and benefiting from other features offered by our platform.
Have any questions about PIPEDA-compliant analytics? Learn more about how we can help your organization comply with the law.