Branham

Risk & Compliance >> PIPEDA

Service Description:

As of January 1, 2004, federal legislation under the Personal Information Protection and Electronic Documents Act (PIPEDA) as well as similar provincial legislations require Canadian organizations to develop and implement privacy policies and practices that protect personal information. The act provides guidelines for the collection, use and disclosure of personal information in the course of commercial activity.

Service Scope:

The Manta Group PIPEDA offering takes into account an organization's priorities and demands and leverages privacy requirements to provide the platform for a technology-centric organization to demonstrate their commitment for the protection of personal information. Effective PIPEDA compliance can become a strategic source of competitive advantage and build trust in a digital marketplace that is under heavy attack by fraudulent and misuse of personal information. The Manta Group PIPEDA offering leverages industry best practices such as CobiT (Control Objectives for Information and Related Technologies) published by IT Governance Institute (www.itgi.org), as well as General Computing Controls (GCC) to implement a series of controls that address the ten privacy principles through the six steps of the information lifecycle flow:

  1. How information is brought into the organization (collection)
  2. What happens to the information once collected (use)
  3. Who has access to the information and for what purpose (disclosure)
  4. How long the information is kept (retention)
  5. How well the information is protected (security)
  6. When, how and by whom, the information is destroyed (disposal)

Subject Matter Expertise:

  • The Manta Group has extensive experience in designing, documenting, implementing and testing CobiT and GCC controls that specifically address regulatory requirements.
  • Our consultants have over 2 years experience in developing and implementing CobiT framework to meet regulatory requirements. Our experience level for GCC exceeds 10 years.

Service Brief:

Customer Requirement - Design, document, implement, test and verify controls required to meet PIPEDA compliance requirements.

Manta Solution - The Manta Group's expertise in the development and deployment of CobiT and GCC controls provide the organization with the objectivity and expertise required to ensure that investment in privacy controls is governed by the organization's tolerance for risk as well as re-used to improve technology-centric service offerings.