While information security focuses on protecting data against unauthorized access, data privacy concerns the lawful basis on which data may be collected, used, and shared. With the ever-increasing use of the Internet, online applications, and social media, data has become an
important asset and a pillar of the data economy.
Nearly every business gathers information about its users and customers, and data privacy laws and regulations require data collectors
and data processors to follow privacy rules in the collection, use, and disclosure of that data. The primary focus of data privacy is therefore
the individual's rights, such as consent, the right to data portability, the right to be forgotten (erasure), and the right to rectification.
Some of the main data privacy regulations are: the General Data Protection Regulation (GDPR), the Personal Information Protection and Electronic Documents Act (PIPEDA),
the California Consumer Privacy Act (CCPA), the Health Insurance Portability and Accountability Act (HIPAA), and the Gramm-Leach-Bliley Act (GLBA).
GDPR
Since 25 May 2018, companies and individuals doing business with the European Union (EU) and the European Economic Area must comply with
the General Data Protection Regulation (GDPR), which "regulates the processing by an individual, a company or an organisation of personal
data relating to individuals in the EU". According to the European Commission, GDPR applies to:
    1) "a company or entity which processes personal data as part of the activities of one of its branches established in the EU,
regardless of where the data is processed"; or
    2) "a company established outside the EU and is offering goods/services (paid or for free) or is monitoring the behaviour of
individuals in the EU".
A business that fails to comply with GDPR or violates its principles can be fined by the supervisory authorities; the most serious infringements carry fines of up to EUR 20 million or 4% of worldwide annual turnover, whichever is higher.
We assist our customers in achieving GDPR compliance and in realising the benefits of protecting their data and their users' privacy.
PIPEDA
The Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada, which received Royal Assent in 2000, protects personal
information that is collected, used, or disclosed in the course of commercial activity. The Act applies to private-sector organizations that collect,
use, or disclose personal information in their commercial activities. These organizations must obtain individuals' consent when processing their personal information and
may use that information only for the purposes for which it was collected. In turn, individuals are entitled to access the personal information
held about them by an organization and to challenge its accuracy.
The 10 Fair Information Principles of PIPEDA are:
    (1) Accountability
    (2) Identifying Purposes
    (3) Consent
    (4) Limiting Collection
    (5) Limiting Use, Disclosure, and Retention
    (6) Accuracy
    (7) Safeguards
    (8) Openness
    (9) Individual Access
    (10) Challenging Compliance
At BIIMS, we can assist your business in implementing the processes required to ensure compliance with PIPEDA.