PIPEDA Changes: Brightsquid’s Guide to Compliance

In our last article, we provided a brief overview of Canada’s new PIPEDA requirements that came into effect on November 1, 2018. Today, we are going to dive deeper into this topic, as we share recommendations and steps you can take to ensure that your clinic stays compliant under PIPEDA, and that your patients’ data remains secure and protected.

To comply with PIPEDA’s mandatory breach notification and record-keeping requirements, organizations should take the following steps:

First, review and update your written policies and systems that shape your internal safeguards, employee training and best practices, as well as tracking, reporting, and record-keeping of all data breaches.

Second, ensure policies include processes and plans for containment, investigation, notification and remediation of data breaches.

Third, prepare for scrutiny in the face of a data breach. Consider how you will respond to potential regulatory investigations, legal actions, or questions from the media.

Fourth, develop a response strategy that considers crucial factors that matter most to your practice, such as the impact a data breach will have on your brand and reputation, operational disruption, and the financial implications of potential fines and legal fees.

Complying with PIPEDA’s new regulations is not only a legal requirement. Keeping personal data safe and secure sends a strong message to patients that you value their privacy, and will do whatever it takes to protect their sensitive information.

There are a number of risks and issues related to data privacy, and Brightsquid is here to help support and guide you as new security measures and regulations come into effect. For support on developing and implementing any of the above recommendations, contact us today and ask us about our PIPEDA Compliance Services.