10 Fair Information Principles

1 - Accountability

Requires business to have a documented privacy policy that applies to both customer and employee personal information (PI).

2 - Identifying the Purpose

Requires business to identify the purpose for their collection and use of personal information.

3 - Obtain Consent

Requires business to receive consent from individuals to use, disclose, or collect their PI, and notify them in what instances their PI might be used or disclosed.

4 - Limiting Collection

Requires business to limit the amount and type of PI collected to only what is necessary for the identified purpose; limit the collection of SIN to a legally established purpose.

5 - Limiting Use, Disclosure, and Retention

Requires business to only use or disclose PI for the purpose it was collected for, unless additional consent has been given.

6 - Accuracy

Requires business to use reasonable efforts to make sure PI is accurate, complete, and current before using it for decision making.

7 - Safeguards

Requires business to adopt physical, technical, and administrative safeguards to protect PI from loss, theft, unauthorized access, disclosure, copying, use, or modification.

8 - Openness

Requires business to make policies and procedures about the management of PI available to individuals.

9 - Individual Access

Upon request, an individual must be informed of the existence, use, and disclosure of their personal information and be given access to that information.

10 - Challenging Compliance

Requires business to have policies and procedures to receive and respond to complaints or questions about how PI is handled by the business.

Source: https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/p_principle/