PIPEDA Fair Information Principle 2 – Identifying Purposes

Your organization must identify the reasons for collecting personal information before or at the time of collection.

Your responsibilities as a business

  • Before or when any personal information is collected, identify why it is needed and how it will be used.
  • Document why the information is collected.
  • Inform the individual from whom the information is collected why it is needed.
  • Identify any new purpose for the information and obtain the individual's consent before using it for that purpose.

How to fulfill these responsibilities

  • Review your personal information holdings to ensure they are all required for a specific purpose.
  • Notify the individual, either orally or in writing, of these purposes.
  • Record all identified purposes and obtained consents for easy reference in case someone requests an account of such information.
  • Ensure that these purposes are limited to what a reasonable person would expect under the circumstances.

Tips

Define your purposes for collecting data as clearly and narrowly as possible so people can understand how the information will be used or disclosed.

  • Avoid overly broad purposes as they may conflict with the knowledge and consent principle.
  • Examples of purposes include:
    • opening an account
    • verifying creditworthiness
    • providing benefits to employees
    • processing a magazine subscription
    • sending out association membership information
    • guaranteeing a travel reservation
    • identifying customer preferences
    • establishing customer eligibility for special offers or discounts.
Date modified: