First Impressions

Whether this is a good privacy policy depends on whose lens it is viewed through. From the perspective of the bank, this policy is necessary to help operate its daily functions and protect against fraud and other crimes; but from the perspective of the individual, it overextends its power and violates privacy laws. It puts the onus on the individual to know what consent really means and, along with its vague sections, exists only to manipulate PIPEDA and abuse its power.

Compliance with PIPEDA

Accountability: Section 4.1.3 of PIPEDA states that an organization is responsible for ensuring that data transferred to third parties is handled to high standards, and that the responsibility for its use falls on the company sending it. TD’s policy violates this section; once data is transferred, the bank then has no authority over the matter. PIPEDA’s section also states that if data is transferred, it is the responsibility of the sender to protect it while ‘it is being processed by third parties’.

The recent CBC investigation delivers a blow to TD’s compliance measures with regard to s. 4.1.4(c) and (d). Section (c) states that staff of the organization must be trained on the company’s policies and procedures for protecting data. Section (d) states that staff must be able to properly explain these policies as well. The CBC investigation has shown that TD has violated these two sections to the extreme. The investigation revealed that every time an individual entered his PIN at a teller’s counter, a popup would appear on the teller’s screen exposing confidential information about the customer. The teller would then try to persuade him into getting services he does not need. As mentioned before in part I, TD stated in its privacy policy that any customer data collected will only be used for the purposes mentioned and that access to it is only open to certain employees.
More specifically, in the sub-section ‘how we protect your information’, it is stated that no agent of TD can have any unauthorized access to data, nor can they misuse it in any way. But there is no clear distinction in the policy as to what binds the employees to these codes, or more importantly what the code is. As can be seen here, TD does not uphold the accountability …
This right here is an issue because ‘fair’ is a subjective term that TD can use any way it wants. Since the bank has the power to decide what is fair, it is automatically lawful as well. Thus, this section is nothing more than a paper tiger. This issue is also seen in s. 4.4.1 of PIPEDA, as it states the information collected must only fulfill the purposes identified. While TD does state what the information gathered is being used for, they also add subjective and vague reasons such as ‘to help the company grow’ or ‘to serve you better’; while this is not a direct violation of PIPEDA, we can see how TD works around it by not stating what the purpose of the information gathered is. While this section is also in violation of clause 4.8 – the openness principle, it will be discussed later in this …
4.5.2; the bank does not have a minimum or maximum retention period with respect to personal information. TD’s policy claims it can hold consumer data for as long as it wishes even after the original purpose has expired. However, PIPEDA also asks organizations to keep a consumer’s data that has been used to make a decision about him ‘long enough’ for the individual to access it in the future. This passage of PIPEDA is highly controversial because ‘long enough’ could mean anything from one day to five years. This vague language of PIPEDA thus allows banks to hold onto consumer data for as long as they