All Canadian businesses, of all sizes, are required to meet the compliance standards set by the Personal Information Protection and Electronic Documents Act (PIPEDA). Becoming PIPEDA compliant depends on various factors related to how you collect and store data about your customers and website users. Businesses that are non-compliant can face penalties and fines of up to $100,000.
So, how do you know if you are compliant or non-compliant with PIPEDA? To meet PIPEDA compliance, you need to meet all of the following criteria:
1. Web Hosting on Canadian Servers
Your website and website data should be stored on Canadian servers. To check if your website is on a Canadian server, simply navigate to UltraTools IP Lookup, and input your website address. A box will appear with information about the server your website is on. If the country listed is Canada, you are in the clear!
2. An Active Privacy Policy visible on your website
A Privacy Policy is a list of the personal data you collect, how you collect that data, and why you collect that data. The Privacy Policy should be clearly visible on your website, and should contain contact information for the data controller. For an example of a Privacy Policy, have a look at our Privacy Policy.
3. If you collect traffic data, you require a Cookie Policy
Cookies are bits of information stored in your website users' browsers. The information allows you to collect data about a user's behaviour on your website, and how often they visit your website. If you have Google Analytics, a Facebook Pixel, or any other tracking codes on your website, you are likely to be using cookies.
You are required to inform your website users that you do use cookies, and should offer the option to disable cookies, and view your Cookie Policy. Below are some examples of our Cookie Policy.
4. A DNS Firewall
Most web hosts will have a DNS Firewall in place. If you are unsure, contact your web host to enquire about their DNS Firewall policies. Also, ensure that your web host has Canadian-based servers.
5. Data Encryption
If you store any client information on your website, or your work computer/laptop, you are required to encrypt that data. You can encrypt your data on your website with an SSL Certificate. A good web host should include a FREE Let’s Encrypt Certificate with all Shared Hosting Plans. Dynamic Hosting offers a FREE Let’s Encrypt certificate with all orders.
If you are unsure about any of these items, or would like to become compliant with PIPEDA, please schedule a call with us, and we will assess your website, and provide the necessary steps to become PIPEDA compliant.