Ferretly's Conformance to Canadian Privacy Laws
Ferretly, an AI-powered software for social media screening and behavior analysis, aligns its practices with Canadian privacy laws, specifically the Personal Information Protection and Electronic Documents Act (PIPEDA) and similar provincial legislation. Additionally, Ferretly's practices are informed by relevant insights from legal experts in Quebec. The following points outline how Ferretly ensures compliance with these laws.
Canadian Privacy Legislation
PIPEDA (Personal Information Protection and Electronic Documents Act):
Purpose: PIPEDA governs how private sector organizations collect, use, and disclose personal information in the course of commercial business.
Requirements: Organizations must obtain consent, provide access to information, and ensure the protection and accuracy of personal information.
Provincial Privacy Laws:
British Columbia: Personal Information Protection Act (PIPA)
Alberta: Personal Information Protection Act (PIPA)
Quebec: Act Respecting the Protection of Personal Information in the Private Sector
These laws are similar to PIPEDA but tailored to specific provincial requirements.
Quebec Specific Legislation:
Charter of Human Rights and Freedoms: Grants a right to privacy to every individual (Art. 5) and specifies what constitutes an invasion of privacy (Art. 36).
Civil Code of Quebec (CCQ-1991): Further elaborates on privacy rights and specifies conditions for collecting and disseminating personal information.
Law 25 (formerly Bill 64): Modernizes privacy laws by introducing stricter consent requirements, enhanced rights like data portability and de-indexation, mandatory data breach notifications, and significant fines for non-compliance. It also mandates default high privacy settings for services and detailed transparency about data practices in clear language.
Ferretly's Compliance Measures
Client Consent Requirement:
Policy: Ferretly mandates that clients obtain explicit consent from candidates before conducting social media checks.
Rationale: This ensures transparency and adherence to PIPEDA’s consent principle and the Civil Code of Quebec’s requirements.
Limitation on Third-Party Information Collection:
Policy: Ferretly does not gather data about third parties (e.g., friends, followers, contacts).
Rationale: This practice respects the privacy of individuals who have not consented to data collection and minimizes unnecessary data exposure.
Collection of Public Information Only:
Policy: Ferretly collects only publicly available information from social media and the Internet.
Practices: The company avoids using deceptive methods, such as bypassing passwords or other unauthorized access techniques.
Rationale: This approach ensures lawful data collection and maintains the integrity of privacy standards. Courts have clarified that the reasonable expectation of privacy on social networks is attenuated by account settings, provided no subterfuge or illicit means are used (Signature sur le Saint-Laurent construction et Filion, 2023 QCTAT 344; Maison St-Patrice Inc. et Cusson, 2016 QCTAT 482).
Accuracy of Information:
Policy: Ferretly employs best practices for identity resolution and report redress to maintain high accuracy in the data collected.
Practices: The process includes verifying the correctness of information and providing mechanisms for rectification.
Rationale: Accurate data collection and processing are critical for fair decision-making and compliance with privacy laws, as stipulated by the APPP and the Civil Code (Art. 38 and 40; Art. 11).
Appropriate Information Provision:
Policy: Ferretly provides clients with only relevant information tailored to their hiring needs.
Practices: The company consults with clients to determine suitable AI Behavior Classifications and keywords.
Rationale: This ensures that clients receive pertinent information without overstepping privacy boundaries, thus aligning with principles of data minimization.
Non-Discrimination Compliance:
Policy: Ferretly advises clients on the appropriate use of information to prevent discrimination.
Practices: Ferretly includes disclaimers that emphasize that the use of information should not infringe on individuals' rights under the Charter (Art. 16) and that decisions should not be based on protected characteristics (Art. 10).
Rationale: This mitigates the risk of human rights complaints and ensures compliance with anti-discrimination laws.
Conclusion
Ferretly's practices are designed to comply with Canadian privacy laws, including PIPEDA, provincial regulations, and Quebec’s Charter and Civil Code. By obtaining consent, restricting data collection to public information, ensuring accuracy, providing relevant data, and advising on non-discrimination, Ferretly upholds privacy and data protection standards, fostering trust and legal compliance in its social media screening services.
Legal Advice:
Ferretly strongly advises clients to seek legal counsel to ensure that the use of the Ferretly reports complies with all relevant laws and regulations.