FOOD CHAIN
DATA, PRIVACY & THE LAW
for your information
DIG IN
Need a privacy policy template? Restaurants Canada is here to help you navigate the choppiest of waters. Check out our Member Portal to find more information and downloadable resources.
Protect yourself, your employees and your brand. ______
MEMBER PORTAL members.restaurantscanada.org
PIPEDA
The Personal Information Protec- tion and Electronic Documents Act (PIPEDA) is the federal privacy law for private-sector organizations. It sets out the ground rules for how businesses must handle personal information in the course of com- mercial activity.
CASL
Canada’s anti-spam legislation (CASL) is the federal law dealing with spam and other electronic threats. It is meant to protect Ca- nadians while ensuring that busi- nesses can continue to compete in the global marketplace.
The PATRIOT ACT (TPA)
TPA is an Act of Congress signed into law in October of 2001. In very general terms, TPA authorizes measures to enhance the ability
of domestic security services to prevent terrorism, including the handling/transferring of elec- tronic data in the US. The reality is that—in either Canada or the US—data may be shared and reviewed for law enforcement purposes.
PRIVACY TRAINING
An educated sta  is an e ective sta . Train your employees on how to handle and manage data,
while making them aware of your operation’s responsibilities.
KEEP SAFE!
Make sure to choose the path of protection. Change your passwords often and understand the various options for encryption. Educate yourself on the law and be ready for any potential incidents.
A PRIVACY POLICY
So, what is a privacy policy? It’s a public statement that discloses data that your company plan to gather from customers, includ- ing explanations of how data are gathered, stored and used. This
51%
of Canadians have chosen not to do business with a company due to privacy practices.
Source: priv.gc.ca
includes sharing whether or not data will be disclosed to third parties. Set high standards for yourself, follow them, and make sure that you are letting your guests know how their data are being used.
Chad Finkelstein’s advice: “Every company should really have two di erent privacy poli- cies. One is customer-facing and the other is employee-facing. The customer-facing policy should be accessible via your website.” Here are some easy tips to follow for creating your policy:
• Developaprivacypolicy.Thisis your restaurant’s internal gov- ernance document and will help not only you but your entire team, navigate the sticky world of data collection and app use. This pol- icy should include a step-by-step outline—in plain language—for how a customer or subscriber can opt-out of your services.
• It should spell out how your company will inform guests about data breaches.
• Thisshould,ataminimum,be posted on your website in an easy-to- nd place.
• Don’tforgettocomplywiththe rules you set out for yourself. Re- member, you could be held liable for breaches. m
TRY SIRIUSXM
MUSIC FOR BUSINESS
FREE
FOR 30 DAYS.
THE PERFECT SOUND FOR YOUR BUSINESS.
Get over 90 channels of commercial-free music in every genre for $35.99/mo*.
Visit siriusxm.ca/menu and enter
promo code: MENU or call 1-877-249-9143 to learn more.
* Taxes and a one-time activation fee of $29.99 apply. Additional radios require additional subscriptions of $35.99/ mo. per location. Offer and service is based on a SiriusXM Internet Music for Business subscription. ©2016 Sirius XM Canada Inc., all rights reserved. “SiriusXM”, “SiriusXM Satellite Radio”, “XM”, “Sirius”, the SiriusXM logo, channel names and logos are trademarks of Sirius XM Radio Inc. and are used under license.
A HIGH-PROFILE DATA BREACH
American hotel giant, Wyndham Worldwide Corp., whose brands include Days Inn, Howard Johnson, Ramada, Super 8 and Travelodge, was held accountable by the Federal Trade Commis- sion in the US for several separate breaches in 2008 and 2009. Hackers broke into its computer system and stole credit card and other vital details from customers. The breach, which a ected upwards of 619,000 customers chain-wide, led to more than $10.6 million in fraudulent charges. This case was one of the  rst in North America that dealt with a franchised group of business- es mired in a data-collection issue.