The 10 Privacy Principles of PIPEDA – Openness

The eight principle of the 10 Privacy Principles of PIPEDA is Openness.

Openness

The principle of Openness states that your organization shall make its policies and procedures about how it manages personal information readily available.

It should not provide barriers to access — if an individual is making a request to know about your organization’s information handling practices, the request should be done without an unreasonable effort.

When providing the information, it should be available in a form that’s generally understandable. Provide the information in plain, simple English that someone without a university degree can understand — save legalese for your lawyers and contracts.

The key point is to make this information easily accessible and understandable.

Requirements from PIPEDA

PIPEDA specifically says you should make the following available:

“the name or title, and the address, of the person who is accountable for the organization’s policies and practices and to whom complaints or inquiries can be forwarded”

This should be the contact information of your organization’s privacy officer.

“the means of gaining access to personal information held by the organization”

Your organization should let individuals know how they can gain access to view or retrieve their personal information.

“a description of the type of personal information held by the organization, including a general account of its use”

This is in compliance with a few other principles, such as Identifying Purposes.

“a copy of any brochures or other information that explain the organization’s policies, standards, or codes”

This is most easily done by putting information on your company’s website, but your organization should have multiple formats available (hard-copy brochures, etc).

“what personal information is made available to related organizations (e.g., subsidiaries).”

Different Ways to Publicize

Depending on the nature of business your organization operates in, there are different methods of providing publications on how your organization handles personal information.

For example, you can offer brochures and have these available within your business office. You can also mail the information to customers, send it through an email newsletter, or provide a toll-free number for individuals who are curious.

As mentioned earlier, one of the the most effective ways of doing this is by putting policies and procedures online, either on a website or via a downloadable PDF file.

Your organization should ideally have the information available in different formats for different audiences.