Zedtreeo Outsourcing

An ISO/IEC 27001 Certified Company

Obligation As A Canadian Business Owner While Outsourcing Or Engaging 3rd Party For Data Processing

Obligation As A Canadian Business Owner While Outsourcing Or Engaging 3rd Party For Data Processing

Share This Post

All Canadian businesses, by now, should be aware of their mandatory data breach reporting obligations under PIPEDA. These obligations require Canadian companies to:

a. Report to the Office of the Privacy Commissioner (“OPC”) breaches of security safeguards involving personal information under the organization’s control if it is reasonable in the circumstances to believe that the breach of the security safeguard creates a real risk of significant harm to an individual or individuals;

b. Notify the affected individuals about those breaches and keep records of all breaches.
What many might not be aware of is that these data breach obligations apply to your business even if it is your third-party data processor (if you are outsourcing or offshoring) who suffered the actual data breach.

Additionally, if your business transfers personal data to a third-party for processing, your company is legally obligated to ensure appropriate contractual terms are place with that third-party to protect the personal data while in possession of the third-party.

Privacy protections applicable to outsourcing transactions in Canada are complicated. Some debate that these laws are heavily in favor of protecting privacy to the disadvantage of free flows of information and the business realities. Many reasons that there can never be a compromise on maintaining privacy in personal information. Yet others argue that Canada should be following international privacy precedent.

Canadian government’s view on this matter also diverges. Many provinces have followed different models to deal with privacy problems. Some have approached models in which regulation is achieved exclusively through legislation. Others follow a mix of legislation, contracts, and mechanisms dealing with monitoring, due diligence, and risk assessment. On the federal government level, the Treasury Board of Canada’s views, the federal government’s principal procurement agency, appear more liberal than privacy laws regulating the public sector in individual provinces.

Read More:

GDPR: All That We Need To Know About It

LPO | What Is It, And How it Works Out For Legal Firms?

More To Explore

how to

How to Make Your Home Office Efficient and Comfortable

If you work at home even part of the time, you know how important it is to have a home office that’s efficient, organized, comfortable, and distraction-free. Even if you’re on a tight budget, you may need to commit some funds to the project of transforming your home office into a workspace where you can really get things accomplished.

Read More »

Would you like to Contact Us?

Note: We assist all types of businesses with full or part time dedicated remote staff.

× How can I help you? Available from 00:00 to 23:59 Available on SundayMondayTuesdayWednesdayThursdayFridaySaturday