To ensure that staff is adequately trained, organizations must have a process in place to identify when staff require a refresher course.
PIPEDA training must also instruct employees on the proper access, disclosure, copying, use, or modification of personal information. PIPEDA also grants consumers the right to know how their personal information is managed by a business. Under PIPEDA training requirements, staff must be trained on how to answer consumer questions on how their personal information is managed by the organization. Staff must be able to explain personal information collection purposes accurately, clearly, and consistently, and inform individuals of any new reasons for collection. Staff training must also instruct them on when to provide individuals the name, address and phone number of the organization’s PIPEDA contact person.
Effective PIPEDA Training
To meet PIPEDA compliance requirements and for training to be considered effective, it is recommended that staff members are trained annually. Training on at least an annual basis is the only way to ensure that all requirements are met.
Upon completion of training staff must be able to:
- Respond to inquiries about privacy policies and practices themselves or refer inquirers to the privacy officer or another authorized representative;
- Explain their organization’s purposes for collecting personal information;
- Understand policy and procedures on consent and obtain consent as appropriate;
- Explain to customers when and how they may withdraw consent and what consequences if any may come of such withdrawal;
- Recognize and process requests for access to personal information;
- Refer complaints about PIPEDA privacy matters to the privacy officer; and
- Keep up to date on their organization’s ongoing activities and new initiatives relating to the protection of personal information.