The tenth principle of the 10 Privacy Principles of PIPEDA is Challenging Compliance.
The principle of Challenging Compliance states that individuals shall be able to challenge an organization’s compliance on any of the privacy principles of PIPEDA.
This means that an organization must have procedures in place to receive and respond to complaints and inquiries. The procedures should be simple and easy to use.
An organization must not only have them in place, but also notify individuals who make inquiries or complaints about its existence.
If an organization receives a complaint, it should investigate it — not ignore it. If the complaint is justified, the organization should take appropriate measures to remedy it. This may involve amending the organization’s practices and policies.
The organization’s privacy officer (or person responsible for privacy compliance) is responsible for accepting and investigating inquiries and complaints.
BACK TO: 10 Privacy Principles of PIPEDA