The Purpose of this extended analysis will be to examine the degree of compliance of Toronto-Dominion Bank’s (TD) privacy policy with that of the Personal Information Protection and Electronic Documents Act (PIPEDA). This paper will discuss course concepts such as the dignity vs property approach when discussing safeguard recommendations. The focus of this paper will be PIPEDA, but other notions such as the privacy vs secrecy debate will be introduced and explained throughout this paper. Certain privacy legislations such as Directive 95/46/EC (European privacy law) will be used to better recommend safeguards and accountability measures for Canadian Privacy Laws.
First Impressions. To answer if this is a good privacy policy depends on through …show more content…
This right here is an issue because ‘fair’ is a subjective term that TD can use any way it wants. Since the bank has the power to decide what is fair, then it is automatically lawful as well. Thus, this section is nothing more than a paper tiger. This issue is also seen in s. 4.4.1 of PIPEDA as it states the information collected must only fulfill the purposes identified. While TD does state what the information gathered is being used for, the also add subjective and vague reasons such as ‘to help the company grow’ or ‘to serve you better’; while this is not a direct violation of PIPEDA, we can see how TD works around it by not stating what is the purpose of the information gathered. While this section is also in violation of clause 4.8 – the openness principle, it will be discussed later in this …show more content…
4.5.2; the bank does not have a minimum or maximum retention period with respects to personal information. TD’s policy claims it can hold consumer data for as long as it wishes even after the original purpose has expired. However, PIPEDA also asks organizations to keep consumers data that has been used to make a decision about him ‘long enough’ for an individual to access in the future. This passage of PIPEDA is highly controversial because ‘long enough’ could mean from one day to five years. This vague language of PIPEDA thus allows banks to hold onto consumer data for as long as they
First Impressions. To answer if this is a good privacy policy depends on through …show more content…
This right here is an issue because ‘fair’ is a subjective term that TD can use any way it wants. Since the bank has the power to decide what is fair, then it is automatically lawful as well. Thus, this section is nothing more than a paper tiger. This issue is also seen in s. 4.4.1 of PIPEDA as it states the information collected must only fulfill the purposes identified. While TD does state what the information gathered is being used for, the also add subjective and vague reasons such as ‘to help the company grow’ or ‘to serve you better’; while this is not a direct violation of PIPEDA, we can see how TD works around it by not stating what is the purpose of the information gathered. While this section is also in violation of clause 4.8 – the openness principle, it will be discussed later in this …show more content…
4.5.2; the bank does not have a minimum or maximum retention period with respects to personal information. TD’s policy claims it can hold consumer data for as long as it wishes even after the original purpose has expired. However, PIPEDA also asks organizations to keep consumers data that has been used to make a decision about him ‘long enough’ for an individual to access in the future. This passage of PIPEDA is highly controversial because ‘long enough’ could mean from one day to five years. This vague language of PIPEDA thus allows banks to hold onto consumer data for as long as they