PIPEDA Fair Information Principle 8 – Openness
Reviewed: August 2020
Your organization’s detailed personal information management practices must be clear and easy to understand. They must be readily available.
Consumers find privacy policies are difficult to understand, yet they feel compelled to give their consent in order to obtain the goods and services they want.
Individuals should not be expected to decipher complex legal language in order to make informed decisions on whether or not to provide consent. (See Principle 3 on consent for details).
- Inform your customers and employees that you have policies and practices for managing personal information.
- Make these policies and practices easily understandable and easily available.
How to fulfill these responsibilities
- Comply with guidelines on obtaining meaningful consent.
- Ensure your front-line staff is familiar with your organization’s procedures for responding to people’s inquiries about their personal information.
- Provide, in easy-to-understand terms:
- the name or title and contact information of the person who is accountable for your organization’s privacy policies and practices;
- the name or title and contact information of the person to whom access requests should be sent;
- how an individual can gain access to their personal information;
- how an individual can complain to your organization;
- any documents that explain your organization’s policies, standards or codes; and
- a description of what personal information you disclose to other organizations, including your subsidiaries and any third parties, and why.
- Information about these policies and practices should be made available in a variety of ways, for example, in person, in writing, by telephone, in publications and on your organization’s website.
- The information presented should be consistent, regardless of the format.
- Date modified: