What is PIPA Compliance? Tips to Keep Your Firm and Data Secure

PIPA compliance and IT security go hand in hand. Without the right protections in place, your firm could be at risk of a data breach. Here’s how to stay protected.

As a private or not-for-profit organization in British Columbia, keeping up with data protection regulations is a mandatory—and often challenging—task. In 2004, BC’s Personal Information and Protection Act (PIPA) went into effect, determining how organizations collect, use, and disclose a client’s personal information. Advances in technology, however, have made keeping track of this personal data even more important. The need for data security and PIPA compliance is particularly evident in the legal realm, where client information is highly sensitive.

PIPA Compliance and GDPR

More recently, in May 2018, British Columbia organizations that are required to follow PIPA must also comply with the European Union’s General Data Protection Regulation (GDPR). These updated laws are similar to PIPA, but in many cases, even more stringent. One area of concern is designating a data protection officer who monitors privacy, compliance, and consent.

When dealing with multiple devices across multiple networks, partnering with those who can understand and manage PIPA compliance and GDPR compliance is more important than ever.

What is the difference between each legislation? While PIPA applies to companies in British Columbia that deal with customers in British Columbia, GDPR applies to those that either have a presence in the EU, offer goods and services in the EU, or deal with cross border data of those in the EU. If that applies to your firm, or will in the future, complying with the more robust laws of GDPR will cover some, but not all, of the PIPA compliance regulations.

Managing PIPA Compliance and Cybersecurity

One of the biggest challenges firms face—apart from maintaining knowledge of all the regulations—is monitoring those regulations in our modern, digital era. Is your firm following PIPA compliance when it comes to network sharing, device management, cyberattacks, and data breaches?

One area of concern, where the two regulations differ, is how organizations process personal data without consent. The definition of personal data under PIPA includes name, date of birth, phone number, physical description, personal financial information, and beyond. It does not specifically define sensitive or “special” personal information in the same way as the GDPR.

PIPA recognizes both express consent and implicit consent and gives consumers a right to withdraw or “Opt-out” of consent. But what does this mean for your firm?

In our world of digital tools and data collection services, we could be unknowingly collecting data that consumers have not consented to. Not only that, but our collected data could then be put at risk if we have not complied with the required security and privacy measures on the backend that keep all of our information secure.

Add to that the different regulations of the GDPR, working with clients overseas, and the continually increasing risk of cyberattack—two years ago, 21% of Canadian firms were impacted, and the number is growing—and it becomes clear that PIPA compliance and security go hand in hand.

Keep Your Law Firm Compliant

Staying compliant with PIPA regulations (and GDPR regulations) is possible when partnered with the correct IT services. When your IT team understands the ins and outs of PIPA compliance, you are guaranteed peace of mind that your firm—and your client data—is secure.

The team at Compunet Infotech specializes in managing IT services for Vancouver and BC-based law firms. Offering more than just IT services, we also provide legal expertise and knowledge of PIPA compliance that ensures your IT supports every aspect of your regulatory compliance.