All Canadian businesses, of all sizes, are required to meet the compliance standards set by The Personal Information Protection and Electronic Documents Act (PIPEDA). Becoming PIPEDA compliant is dependent on various factors related to how you collect and store data about your customers and website users. Businesses who are non-compliant can face penalties and fines of up to $100,000.
So, how do you know if you are compliant or non-compliant with PIPEDA? To meet PIPEDA compliance, you need to meet all of the following criteria:
1. Web Hosting on Canadian Servers
Your website and website data should be stored on Canadian Servers. To check if your website is on a Canadian server, simply navigate to UltraTools IP Lookup, and input your website address. A box will appear with information about the server your website is on. If the country listed is Canada, you are in the clear!
Cookies are bits of information stored on your website user’s browsers. The information allows you to collect data about that user’s behaviour on your website, and how often they visit your website. If you have Google Analytics, a Facebook Pixel, or any other tracking codes on your website, you are likely to be using cookies.
4. A DNS Firewall
Most web hosts will have a DNS Firewall in place. If you are unsure, contact your web host to enquire about their DNS Firewall Policies. Also, ensure that your web host has Canadian-based Servers.
5. Data Encryption
If you store any client information on your website, or your work computer/laptop, you are required to encrypt that data. You can encrypt your data on your website with an SSL Certificate. A good web host should include a FREE Let’s Encrypt Certificate with all Shared Hosting Plans. Dynamic Hosting offers a FREE Let’s Encrypt certificate with all orders.
If you are unsure about any of these items, or would like to become compliant with PIPEDA, please schedule a call with us, and we will assess your website, and provide the necessary steps to become PIPEDA compliant.