Is Your Digital Marketing Compliant with Privacy Legislation?

Published On: 21 February 2021

Internet technology has revolutionized how businesses spread awareness about their products and services through what we know as online marketing. 

With online marketing, it’s much easier for companies to interact with their consumers and give them personalized offers using their personal information. This helps improve a consumer’s shopping experience while enabling businesses to sell more.

In today’s digital world, an individual’s personal information gives businesses the power to create online marketing campaigns that not only satisfy the needs of a consumer but also allow businesses and marketers to collect important information about their customers.

Due to the collection of highly sensitive information, it is really important to make sure that the personal information of a consumer is kept highly confidential. 

What is personal information?  

Personal information is data about an “identifiable individual”. It is information that, on its own or when combined with other pieces of personal data, can identify an individual.

Digital marketing involves the collection, use, and dissemination of personal information, in one form or another.  

The recent data privacy legislation has left marketers and businesses wondering as to what “personal information” means nowadays and how they can comply. 

What is PIPEDA? 

In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) has adopted ten privacy principles. These principles control the online privacy issues with respect to consent, transparency, security measures, and data retention.

Even today there are no specific rules for regulating social networks, phone apps, and other online activities. PIPEDA applies to the online activities of companies such as Facebook and Google. 

How does the PIPEDA Work? 

PIPEDA applies to private-sector organizations across Canada that collect, use or disclose personal information in the course of any commercial activity. 

However, businesses must follow the 10 fair personal information principles to protect personal information. 

The principles to be followed by businesses or marketers to protect user privacy are: 

1. Accountability 

  • You can appoint someone who will be responsible for your business’s PIPEDA compliance.
  • You need to protect all personal information stored by your business, including any personal information you transfer to a third party.  
  • You need to develop and implement personal information policies and practices. 

2. Identifying Purposes

  • Identify and document your reason for collecting personal information.  
  • You have to inform your customers why your organization needs their personal information before, or at the time of collection.  
  • You need to obtain the consent of the consumer again if you identify a new purpose to collect their personal information. 

3. Consent

  • Consent is an essential element of PIPEDA. Organizations are generally required to obtain consent for the collection, use and disclosure of personal information. 
  • People must understand what they are consenting to and it is the responsibility of the business or organization collecting personal information to obtain consent from people. 

4. Limiting Collection

  • Your business only needs to collect the personal information that your organization needs to fulfill a legitimate purpose. 
  • Be honest about why you are collecting their personal information. 
  • Collect personal information by fair and lawful means.  

5. Limiting Use, Disclosure, and Retention

  • Your business may use or disclose personal information only for the identified purposes for which it was collected. 
  • As a business, it’s your responsibility to obtain fresh consent if you intend to use or disclose personal information for a new purpose. 
  • Also, you need to put guidelines and procedures in place for retaining and destroying personal information. 

6. Accuracy

  • Minimize the use of incorrect information when making a decision about an individual or when disclosing their personal information to third parties. 

7. Safeguard 

  • Businesses or marketers must protect all personal information against loss, theft, or any unauthorized access, disclosure, copying, use or modification. 

8. Openness 

  • Your organization’s personal information management practices must be clear and easy to understand for the consumer. They must be readily available for anyone to access. 
  • Many consumers find that the privacy policies are difficult to understand, but they are compelled to give their consent in order to obtain the goods and services they want. 

9. Individual Access 

  • Upon request, an individual must be informed of the existence, use, and disclosure of their personal information, and should also be given access to that information.

10. Challenging Compliance

  • As a business or marketer, you need to provide recourse by developing simple complaint handling and investigation procedures. 
  • You need to investigate all complaints you receive. 
  • Improve any information-handling practices and policies that are found to be problematic. 


If you are still not sure whether your online marketing campaigns are compliant with privacy laws, contact your local online marketing professionals at The Design Thinking. We will help clear things up and help set up an online marketing campaign that is in compliance with the privacy legislation.