In the onset of an era of using cookieless tracking and working with multinational clients, it’s crucial to keep a pulse on privacy laws, especially for our neighbor, the Great White North. Coegi works closely with many Canadian entities and U.S. companies that operate within Canada’s borders. All businesses that operate in Canada and handle personal information that crosses provincial or national borders are subject to Personal Information Protection and Electronic Documents Act (PIPEDA), regardless of the province or territory in which they are based (including provinces with substantially similar legislation).
What is PIPEDA?
There are a number of requirements to comply with PIPEDA, but organizations typically are required to obtain an individual’s consent when they collect, use or disclose that individual’s personal information. People also have the right to access their personal information held by an organization along with the right to challenge its accuracy. Personal information can only be used for the purposes for which it was collected, so if an organization is going to use it for another purpose, they must obtain consent again. Personal information must also be protected by appropriate safeguards1.
How is Personal Information Identified under PIPEDA?
Under PIPEDA, personal information includes any factual or subjective information about an identifiable individual. This includes information in any form, such as:
- Age, name, ID numbers, income, ethnic origin, or blood type
- Opinions, evaluations, comments, social status, or disciplinary actions; and
- Employee files, credit records, loan records, medical records, the existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods/services or change jobs)1
PIPEDA vs. GDPR and HIPAA
While U.S. HIPAA laws applies only to protected health information as handled by healthcare entities, PIPEDA is more in line with the EU’s GDPR in that it applies to all personal information and governs commercial entities, encompassing healthcare and more. One key difference is that PIPEDA considers self-reported data, including survey data, to be private information regardless of being self-sourced.
How Does Coegi comply with PIPEDA?
Coegi ensures strict compliance with privacy policies like Canada’s PIPEDA by working with data partners to research and comply with international regulatory guidelines. This includes but is not limited to:
- The complete shielding of patient medical data
- Ability to layer on keyword blocklists and dayparting in addition to Coegi’s own brand safety parameters
Sourcing data from third-party provides to target Canadians proves to be a little trickier than reaching American or EU citizens due to the constraints on demographic, social comments and sentiments and self-reported data. The best alternative is to strengthen your contextual and keyword targeting strategies. Contextual targeting is based upon the content of a webpage. Relevancy of the content is determined by topic, keywords and other factors such as page category. Location-based targeting is another great alternative for honing in on specific audiences via geotargeting or proximity targeting. As more regions develop similar and more stringent privacy laws, it’s important to strategize how to reach your target audience in the absence of personally identifiable data.
Author: Grace Agbor, Associate Client Strategist