Last updated on January 30, 2016
The eighth principle of the 10 Privacy Principles of PIPEDA is Openness.
Openness
The principle of Openness states that an organization shall make its policies and procedures about how it manages personal information readily available.
The organization should not put up barriers to access: an individual who asks about your organization’s information handling practices should be able to get that information without unreasonable effort.
When providing the information, it should be available in a form that’s generally understandable. The information should be provided in plain, simple English that someone without a university degree can understand — save legalese for your lawyers and contracts.
Requirements from PIPEDA
PIPEDA specifically states that an organization shall make the following available:
“the name or title, and the address, of the person who is accountable for the organization’s policies and practices and to whom complaints or inquiries can be forwarded”
This should be the contact information of the organization’s privacy officer or person(s) responsible for privacy compliance.
“the means of gaining access to personal information held by the organization”
The organization should let individuals know how they can gain access to view or retrieve their personal information.
“a description of the type of personal information held by the organization, including a general account of its use”
This is in harmony with a few other principles, such as Identifying Purposes.
“a copy of any brochures or other information that explain the organization’s policies, standards, or codes”
An organization can easily do this by putting the information on its website. It is a best practice to have this available in multiple formats (hard-copy brochures, etc.).
“what personal information is made available to related organizations (e.g., subsidiaries).”
Different Ways to Publicize
Depending on the nature of its business, an organization can use different methods to publish how it handles personal information.
For example, an organization can offer brochures and have these available within a reception area. The organization can also mail the information to customers, send it through an email newsletter, or provide a toll-free number for individuals who are curious.
As mentioned earlier, one of the most effective ways of doing this is by putting policies and procedures online, either on a website or via a downloadable PDF file.
The organization should ideally have the information available in different formats for different audiences.