As of January 1st 2018, numerous changes have been made to Ontario's Personal Health Information Protection Act (PHIPA). If you are a health information custodian working in a hospital or medical office, it is important to understand how this new set of rules will affect your organization. One of the most critical changes requires health organizations to keep track of privacy and data breaches. While the Information and Privacy Commissioner of Ontario will be releasing tracking guidelines in March of 2019, custodians are expected to record breaches now. Here is what you need to know to uphold your reputation and ensure your patient information remains secure.
One of the major barriers to businesses' use of the cloud is making sure their cloud providers comply with local laws and standards. Varying provincial regulations mean that data storage, access, and accessibility may vary by location for the same kind of data. Data sovereignty is the concept that digital information (e.g., data) is subject to the laws of the country where it's located. So how do Canadian laws affect data sovereignty in the cloud?
Many Canadian companies want to transition to the cloud for business data hosting, yet worry about data access and privacy. Both public and private sector organizations must follow government laws affecting the storage and use of personal information. Provincial governments also have privacy laws to protect customer data, particularly in health care. Storing data outside of Canada brings additional challenges, namely a new set of rules and regulations. Find out what affects data leaving the country, and how this impacts your organization.
The Personal Information Protection and Electronic Documents Act (PIPEDA) governs how Canadian businesses manage the collection, use, and disclosure of personal information. It is a significant concern not only to commercial organizations but also to their customers. This multi-part series is designed to help Canadian businesses better understand these laws, apply them to their organizations, and ensure compliance.
British Columbia’s Personal Information Protection Act (PIPA) is similar to PIPEDA in that it protects personal data collection within the private sector. Organizations considered to be public bodies, as well as the public sector, must comply with the Freedom of Information and Protection of Privacy Act (FIPPA). FIPPA requires that public bodies store any personal information under their control or custody exclusively in Canada and that it be accessed only in Canada. There are exceptions, but they are few.