Personal Information Protection and Electronic Documents Act (PIPEDA) and Implications for Application Security and Sensitive Data Handling in Software Systems
In this document, personal information (PI) handling rules for software systems are derived from the PIPEDA principles and guide the analysis.
It is recommended to include these rules as high-level requirements in any framework that implements privacy-by-design principles in Canada.
The Personal Information Protection and Electronic Documents Act (PIPEDA) is the federal privacy law for private-sector organizations in Canada. It sets out the ground rules for how businesses must handle personal information in the course of commercial activity.
4. General Privacy Aspects
1. PI data definition
2. Definition of the PI data categories and rules for each category
3. Process to ensure proper use and handling of the PI data based on the rules defined
6. Under PIPEDA, personal information (PI) includes:
• name, race, ethnic origin, religion, marital status, educational level
• e-mail address and messages, IP (Internet protocol) address
• age, height, weight, medical records, blood type, DNA code, fingerprints, voiceprint
• income, purchases, spending habits, banking information, credit/debit card data, loan or credit reports, tax returns
• Social Insurance Number (SIN) or other identification numbers.
https://www.priv.gc.ca/information/pub/guide_ind_e.asp
7. Identify PI Data Currently Used In All Corporate Systems
9. 2. PI Data Categorization (Draft)
• Personal Details Data Category
• Name, Marital Status, Age, Email Addresses, Postal Addresses, Phone Numbers, IP Addresses, Device IDs
• Personal Financial Data Category
• Income, Purchases, Spending Habits, Banking Information, Credit/Debit Cards, Loan or Credit Details
• Personal Identification Data Category
• Social Insurance Number (SIN), Driver's Licence and any other personal ID.
11. • Rules for Personal Details Data Category
• Data In Transit – Encrypted (HTTPS)
• Data Storage – DB-level Encryption (TDE) only
• Display Rules: Show Clear Text
• Retention Rules: As per business needs or 7 years (?)
• Rules for Personal Financial Data Category
• Data In Transit – Encrypted (HTTPS)
• Data Storage – DB-level Encryption (TDE) + Field-level Encryption
• Display Rules: Show Only Last 4 Digits
• Retention Rules: As per business needs or 7 years (?)
• Rules for Personal Identification Data Category
• Data In Transit – Encrypted (HTTPS)
• Data Storage – DB-level Encryption (TDE) + Field-level Encryption
• Display Rules: Hidden (Visual Verification Will Be Available During Data Input Only)
• Retention Rules: As per business needs or 7 years (?)
14. PIPEDA Fair Information Principles
PIPEDA sets out 10 principles of fair information practices, which establish the basic privacy obligations under the law. They are:
• Accountability - Organizations should appoint someone to be responsible for privacy issues. They should make information about their privacy policies and procedures available to customers.
• Identifying purposes - Organizations must identify the reasons for collecting your personal information before or at the time of collection.
• Consent - Organizations should clearly inform you of the purposes for the collection, use or disclosure of personal information.
• Limiting collection - Organizations should limit the amount and type of the information gathered to what is necessary.
• Limiting use, disclosure and retention - In general, organizations should use or disclose your personal information only for the purpose for which it was collected, unless you consent. They should keep your personal information only as long as necessary.
• Accuracy - Organizations should keep your personal information as accurate, complete and up to date as necessary.
• Safeguards - Organizations need to protect your personal information against loss or theft by using appropriate security safeguards.
• Openness - An organization’s privacy policies and practices must be understandable and easily available.
• Individual access - Generally speaking, you have a right to access the personal information that an organization holds about you.
• Recourse (Challenging compliance) - Organizations must develop simple and easily accessible complaint procedures. When you contact an organization about a privacy concern, you should be informed about avenues of recourse.
16. PIPEDA Fair Information Principles – App Security Focus
• Consent
• When applicable, make sure the consumer's consent is taken and logged with a timestamp.
• Retention
• Delete sensitive data as per the rules for each category.
• Safeguards
• PI data is encrypted in the data storage
• PI data is encrypted in transit, through use of secure communication protocols (SSL/TLS 1.2, SFTP etc.)
• Ensure PI data is not compromised during processing
• Checking the code using Source Code Analysis Tools
• Checking applications at runtime using Runtime Application Self-Protection Tools
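The per-category display and retention rules from slide 11 and the consent-logging and deletion points from slide 16, expressed as an added Python example (not code from the deck). The field-to-category map, the sample records and the fixed clock are constructed assumptions; the 7-year default retention follows the deck's "7 years (?)".

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum

class Category(Enum):
    DETAILS = "personal_details"                # name, age, email, IP, device ID
    FINANCIAL = "personal_financial"            # banking, cards, income
    IDENTIFICATION = "personal_identification"  # SIN, driver's licence, other IDs

# Hypothetical field-to-category map (the deck defines categories, not field names).
FIELD_CATEGORY = {
    "name": Category.DETAILS, "email": Category.DETAILS, "ip": Category.DETAILS,
    "card_number": Category.FINANCIAL, "bank_account": Category.FINANCIAL,
    "sin": Category.IDENTIFICATION, "drivers_licence": Category.IDENTIFICATION,
}
RETENTION = timedelta(days=7 * 365)  # the deck's default of "7 years (?)"

def display(field: str, value: str) -> str:
    """Display rule per category: clear text / last 4 digits / hidden."""
    cat = FIELD_CATEGORY[field]
    if cat is Category.DETAILS:
        return value
    if cat is Category.FINANCIAL:
        digits = "".join(ch for ch in value if ch.isdigit())
        return "*" * max(len(digits) - 4, 0) + digits[-4:]
    return "[hidden]"  # identification data is never shown after input

@dataclass
class Record:
    field: str
    value: str
    collected_at: datetime
    business_need: bool = False  # "as per business needs" keeps it past 7 years

def fields_to_delete(records: list, now: datetime) -> list:
    """Retention rule: delete anything past RETENTION with no business need."""
    return [r.field for r in records
            if not r.business_need and now - r.collected_at >= RETENTION]

def record_consent(log: list, subject: str, purpose: str, now: datetime) -> dict:
    """Consent is logged with its purpose and a UTC timestamp."""
    entry = {"subject": subject, "purpose": purpose, "ts": now.isoformat()}
    log.append(entry)
    return entry

NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sample clock
SAMPLE = [  # constructed sample records
    Record("ip", "203.0.113.7", NOW - timedelta(days=8 * 365)),
    Record("card_number", "4111 1111 1111 1234", NOW - timedelta(days=30)),
    Record("sin", "123-456-789", NOW - timedelta(days=8 * 365), business_need=True),
]
```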