SIMON AVERY
Globe and Mail Update Published on Thursday, May. 26, 2005 9:47AM EDT Last updated on Tuesday, Apr. 07, 2009 9:34PM EDT
Despite sweeping new privacy legislation, few Canadian companies have put in place programs to protect individuals' privacy because they mistakenly question the value of the investment, a study says.
Only a small number of businesses have established clear and specific processes for the collection, use, retention and disclosure of personal information, according to the first national survey of its kind by Nymity Inc., a privacy consultancy in Toronto.
Instead, most companies have opted to handle the issue of privacy on a reactive basis, or they have written weak, vague policies that serve only to try to appease customers, said Terry McQuay, founder and president of Nymity.
“Companies think privacy compliance is cost prohibitive with very little return,” he said. But the reality is that effective privacy management with clear and complete details on how personal information is used avoids alienating customers and protects businesses from legal liability and running afoul of the Privacy Commission.
Nymity applied an index of best practices to Canadian companies and scored them accordingly. Chief among the more than 130 best practices was a commitment by a company to define its processes for handling and protecting individuals' information. Customers need to be able to read on-line how their information is protected, how long it is kept, who has access to it, and how they can opt out of programs, Mr. McQuay said.
Some companies have a natural tendency to hold on to personal data indefinitely, believing they may need it in the future. They also question the value of investing in an effective privacy program, believing implementation will be both costly and challenging. But some of the best policies today run no more than eight pages in length, he said.
Mr. McQuay advises organizations handling personal data to maintain effective policies, invest in continuous training of employees who manage personal information and perform an annual audit of their processes.
The top 10 rankings were: BCE Inc.'s Bell Canada, Telus Corp., Bank of Nova Scotia, TransUnion of Canada Inc., Toronto-Dominion Bank, Aviva Canada Inc., Sprint Canada Inc., Indigo Books & Music Inc.; Sears Canada Inc. and Royal Bank of Canada.
Join the Discussion: