For a U.S. company employing a Canadian the rules and regulations surrounding payroll and employment standards compliance are complicated enough. Add to this the strict rules of Canadian Privacy Law, employing someone in Canada can seem pretty daunting.
Because of them, information sharing of a Canadian’s personal information with any U.S. linked organizations may be in violation of the law. Below we go over the factors a U.S. organization must consider upon deciding to employ and pay a Canadian when it comes to privacy.
Canadian Privacy Laws make sharing of information with U.S. organizations extremely hard.
Canadian Privacy Laws are set out and mandated by PIPEDA –; the Personal Information Protection and Electronics Act.
As outlined in this article by Gowlings; the overarching rule in Canadian privacy legislation is that organizations may only collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances. This rule applies regardless of the consent of the individual whose information is in question.
One cannot avoid the reasonableness standard by obtaining consent to an objectively unreasonable collection, use or disclosure of their information. Conversely, in most cases, organizations must have either the express or implied consent of the individual to the collection, use or disclosure of their personal information.
All four of the major private-sector statutes apply similar principles:
- Personal information may only be collected, used or disclosed with the knowledge and consent of the individual.
- The collection of personal information must be limited to what is necessary for identified purposes.
- Personal information must be collected by fair and lawful means.
Personal information must be protected by adequate safeguards appropriate for the sensitivity of the information — highly sensitive information, such as financial data, must be provided with a proportionately high level of security that should include physical, organizational and technological protection measures. Individuals must be provided with easy access to information about an organization’s privacy policies and practices.
In fact, many Canadian organizations include a privacy matrix as part of their onboarding processes to ensure that the worker understands their rights and the companies’ privacy policies.
A U.S. company hiring a Canadian must familiarize themselves with the PIPEDA to ensure that they have met their due diligence when collecting personal information, such as a social insurance number and banking information, from their Canadian worker.
The Storage of Data Rules to Secure Canadian Employee’s Personal Information.
Although the PIPEDA Act does not set out any particular safeguards to secure an employee’s personal information, it is the responsibility of the employer to ensure personal information is adequately protected. An employer is responsible to ensure safe storage of personal information as set out under PIPEDA. The responsibilities on an employer to ensure safe storage of data include:
- Protect personal information against loss or theft.
- Safeguard the information from unauthorized access, disclosure, copying, use or modification.
- Protect personal information regardless of the format in which it is held.
Be sure to cover these bases before diving into paying Canadians and if you’d like to hear more about The Payroll Edge’s Employer of Record EOR and Professional Employer Organization PEO please contact us.