Labyrinth Learning and PIPEDA Compliance
The Office of the Privacy Commissioner of Canada has established PIPEDA (Personal Information Protection and Electronic Documents Act) which applies to private-sector organizations across Canada that collect, use, or disclose personal information in the course of commercial activity. There are several requirements to comply with the law. Organizations covered by PIPEDA must generally obtain an individual's consent when they collect, use, or disclose that individual's personal information. People have the right to access their personal information held by an organization. They also have the right to challenge its accuracy. Personal information can only be used for the purposes for which it was collected and it must be protected by appropriate safeguards.
PIPEDA Fair Information Principle 4 – Limiting Collection
PIPEDA Fair Information Principle 4 states:
- Collect only the personal information your organization needs to fulfill a legitimate identified purpose.
- Be honest about the reasons you are collecting personal information.
- Collect personal information by fair and lawful means.
How Labyrinth Fulfills Principle 4 Responsibilities
- A minimalistic approach to collecting student personal information collecting only the name and email address of students.
- A minimalistic approach to collecting educator personal information collecting name, email address, institution name, and additional information related to the types of courses being taught.
- See Labyrinth Privacy Policy and Terms of Use
Guidelines for Processing Personal Data Across Borders and Cloud Computing and Privacy
Office of the Privacy Commission of Canada Guidance
- Guidelines are in place on how PIPEDA applies to transfers of personal information to a third party, including a third party operating outside of Canada, for processing.
- The office has also defined cloud computing and how this type of computing applies to PIPEDA.
Labyrinth’s Cloud Computing Environment
- Labyrinth eLab and CoursePower are cloud computing systems hosted on Amazon Web Services (AWS).
- Labyrinth has recently completed a SOC 2 Type 1 audit and has the policies, procedures, and information security architecture in place to ensure that all PIPEDA requirements are met for cloud computing hosted outside of Canada.
Resources
Labyrinth Information Security and Privacy Officer Contact Information
- securityandprivacy@lablearning.com
- or write to us at the following address:
Labyrinth Learning
Attention: Information Security and Privacy Officer
PO Box 2669
Danville, CA 94526