Privacy and Hidden Costs

There have been rumblings and warnings for a couple of years now, but by January 1, 2004, the government will slap another administrative burden on businesses. The Personal Information Protection and Electronic Documents Act — better known to those familiar with it by the folksy acronym “PIPEDA” — becomes law across the land. The law applies to federal jurisdictions, but it also drags into its net any province that has not already passed similar legislation. Quebec has its own privacy laws in place already and B.C. and Alberta are finalizing theirs. Ontario has a draft out for discussion.

The privacy laws will apply to all commercial and non-profit organizations, no matter what the size or activity. And, dear consulting engineer, that includes you.

Written from the best of motives, the rules are intended to help each of us control who has access to our personal information. Partly, the law was written with the digital era in mind, and with the hope of shielding us from the ever-more menacing encroachments of the telemarketers and e-mail spammers.

Unlike earlier drafts, the federal law does not cover employee information, but it does apply to anyone that collects information as part of their commercial activities. It could, for example, affect firms who gather financial information about their clients, and then want to release that information to a potential buyer of their company.

The law will force every company to spend time and energy on implementing a whole apparatus to meet its requirements. It means developing a policy on privacy, publishing and distributing that policy, and appointing someone in the firm to be an information officer. Part of the officer’s duties will be to ensure that anyone who wants to know what kind of personal information the company is keeping on them can easily access it in the files.

As John Gamble, P.Eng., president of Consulting Engineers of Ontario, points out, the problem lies not so much in implementing the policies, as in managing the initial learning curve to set them in place: the need to sift through lots of information, consult lawyers etc. to ensure your company is complying. Probably organizations like CEO can come up with a formulaic process that everyone can adopt, which would certainly help smaller firms.

Even if privacy procedures eventually become just another routine part of doing business, they represent one more government burden laid on the already stressed backs of consulting firms. A decade ago the federal government introduced the Goods and Services Tax that imposed a whole regime of bookkeeping tasks on businesses. Since then there have been almost continually new provincial policies and rules that have to be implemented relating to employees — workplace harassment policies, employee emergency leave changes, health and safety postings, etc. You need a veritable army of administrators just to keep on top of new government rules.

Certainly governments have a duty to protect individuals — their privacy, and their health and welfare — but we should go into this with our eyes open and realize that such measures come at a heavy price for companies and employers.