Protecting privacy in Canada's private sector: businesses that are serious about competing successfully in Canada need to get serious about privacy. They can start by complying with Canada's new private-sector privacy legislation.At the Core This article * examines Canada's Personal Information Protection and Electronic Documents Act The Personal Information Protection and Electronic Documents Act (abbreviated PIPEDA or PIPED Act) is a Canadian law relating to data privacy. It governs how private-sector organizations collect, use and disclose personal information in the course of commercial (PIPEDA PIPEDA Personal Information Protection and Electronic Documents Act (Canada) ) * provides 10 principles organizations must follow to be PIPEDA-compliant Many consumers are concerned about how their personal information is used, protected, and shared in commercial transactions. The loss of consumer confidence related to privacy fears has been particularly detrimental det·ri·men·tal adj. Causing damage or harm; injurious. det  ri·men to e-commerce. Ann Cavoukian Ann Cavoukian is the current Information and Privacy Commissioner for the Canadian province of Ontario.Ann Cavoukian took a B.A. at York University in Toronto and then received an M.A. and Ph.D. and Tyler J. Hamilton's book, Privacy Payoff: How Successful Businesses Build Customer Trust, suggests tens of billions of dollars in e-commerce growth have been forgone as a result. However, privacy is also a business-to-business (B2B (Business to Business) Refers to one business communicating with or selling to another. See B2B e-commerce, B2C and B2G. B2B - business to business ) requirement, because businesses should hold their customer information secure and confidential during interactions with suppliers, resellers, employees, and others. Given these concerns trod trod v. Past tense and a past participle of tread. trod Verb the past tense and a past participle of tread trod, trodden tread their economic implications, many jurisdictions such as Australia and the European Union European Union (EU), name given since the ratification (Nov., 1993) of the Treaty of European Union, or Maastricht Treaty, to the European Community have enacted privacy protection legislation aimed at restoring confidence in e-commerce transactions. Often such legislation extends the public sector's personal privacy protection requirements to the private sector. The origin and ongoing development of Canada's private sector privacy legislation is a case in point, as it embodies principles of the federal Personal Information Protection and Electronic Documents Act (PIPEDA). The Evolution of Canada's Private Sector Privacy Legislation In Canada, interest in regulating privacy protection arose in the mid-1990s when the Canadian Standards Association See CSA. drafted a generic privacy code (Model Code for the Protection of Personal Information) based on Organisation for Economic Cooperation and Development (OECD OECD: see Organization for Economic Cooperation and Development. ) international guidelines guidelines, n.pl a set of standards, criteria, or specifications to be used or followed in the performance of certain tasks. for fair information practices. That code was used subsequently as the basis for Canada's federal privacy statute, PIPEDA, which became law in April 2000. Divided into five parts, the first part of PIPEDA governs the collection, use, and disclosure of personal information in commercial activities by organizations of all types, including associations, partnerships, trade unions, and the Canadian offices or subsidiaries of foreign companies. In recognition that privacy is both a consumer and a B2B concern, PIPEDA broadly defines the terms "personal information" and "commercial activity." Personal information is defined as factual or subjective information in any form about an identifiable individual, such as customers' credit/loan records and employee information such as medical conditions See carpal tunnel syndrome, computer vision syndrome, dry eyes and deep vein thrombosis. and disciplinary actions. (Personal information does not, however, include an employee's name, title, business address, telephone number, or publicly available information such as names, addresses, or telephone numbers published in directories or court records.) Commercial activity consists of any transaction, act, or conduct of a commercial nature, including the selling, bartering, or leasing of donor, membership, or other fundraising
Many organizations that will become subject to PIPEDA on January 1, 2004 (See "PIPEDA Implementation Schedule" above), are taking a wait-and-see approach, given the possibility that the provinces in which they operate may pass "substantially similar" legislation later this year. However, getting ready now may give organizations a competitive edge because concerns about privacy rank high with Canadian consumers and employees. Further, implementing privacy protection now will not be a wasted effort--even if an organization becomes subject to a provincial privacy statute--because a provincial statute must adopt the same basic principles as PIPEDA to secure an exemption. In fact, it is recommended that organizations begin to plan their compliance based on PIPEDA's requirements and adjust their business practices to comply with any substantive differences in provincial legislation that may be enacted before January 1, 2004, in the provinces in which they operate. PIPEDA's 10 Principles PIPEDA's goal is for organizations to have open and transparent relationships with their customers and employees by recognizing an individual's right to privacy and by establishing rules for collecting, using, and disclosing personal information in commercial activities. The 10 principles that organizations must follow are: 1. Accountability The requirements are two-fold. First, an organization is responsible for protecting both personal information in its possession and any personal information that it transfers to a third party for processing (e.g., when an employer transfers personal information to the provider of an employee benefits plan). Second, accountability for an organization's PIPEDA compliance rests with a designated individual or individuals. Compliance with this principle requires an organization to appoint a privacy officer responsible for developing and implementing a compliance program. An integral part of the program will be policies and procedures Policies and Procedures are a set of documents that describe an organization's policies for operation and the procedures necessary to fulfill the policies. They are often initiated because of some external requirement, such as environmental compliance or other governmental to standardize stan·dard·ize v. 1. To cause to conform to a standard. 2. To evaluate by comparing with a standard. personal information-handling practices such as disclosing personal information and processing personal information access requests. Training also will be essential to ensure that employees--particularly front-line workers who collect and process personal information--are aware of their responsibilities. Periodic reviews by the privacy officer and/or external auditors The examples and perspective in this article or section may not represent a worldwide view of the subject. Please [ improve this article] or discuss the issue on the talk page. also are required to assess the organization's ongoing compliance with accountability and other principles, to identify any corrective action A corrective action is a change implemented to address a weakness identified in a management system. Normally corrective actions are instigated in response to a customer complaint, abnormal levels if internal nonconformity, nonconformities identified during an internal audit or required, and to monitor the implementation of corrective action to ensure compliance breaches do not reoccur. In addition, an organization should contractually obligate obligate /ob·li·gate/ (ob´li-gat) pertaining to or characterized by the ability to survive only in a particular environment or to assume only a particular role, as an obligate anaerobe. each third party with whom it does business and to whom it transfers personal information to protect that information to the same degree that any personal information received by the organization from a third party was lawfully law·ful adj. 1. Being within the law; allowed by law: lawful methods of dissent. 2. Established, sanctioned, or recognized by the law: the lawful heir. collected and disclosed. 2. Identifying Purposes This principle requires an organization to identify the reasons for which personal information is collected, either prior to or at the time of collection. An organization may collect personal information for many reasons, such as opening an account, verifying creditworthiness Creditworthiness The condition in which the risk of default on a debt obligation by that entity is deemed low. Creditworthiness Eligibility of an individual or firm to borrow money. , providing employee benefits, sending out membership information, or establishing customer eligibility for special offers or discounts. Other purposes may be equally valid--the key to compliance is ensuring that the reason for data collection is reasonable and is communicated either verbally or in writing (e.g., on a registration form, in a brochure, on a Web site). To satisfy this requirement, an organization should define as narrowly as possible the reasons for which it collects personal information and the intended uses of that data, and then review personal data holdings to ensure that collected information meets the stated purposes. Keep in mind that an organization that collected personal information for one purpose cannot use it for a new purpose unless the new purpose is identified prior to use and the individual's consent is obtained (unless, of course, the new purpose is required by law). 3. Consent An organization is responsible for collecting, using, or disclosing personal information only with the concerned individual's knowledge and consent, subject to a few exceptions. Defined as voluntary agreement with what is being done or proposed, con sent may be implied (i.e., reasonably inferred from the individual's action or inaction in·ac·tion n. Lack or absence of action. inaction Noun lack of action; inertia Noun 1. ) or expressed (i.e., given explicitly, either orally or in writing). In either case, the consent must be informed--the individual must be told why the personal information is being collected, how it will be used, and when, why, and to whom it will be disclosed. PIPEDA is retroactive Having reference to things that happened in the past, prior to the occurrence of the act in question. A retroactive or retrospective law is one that takes away or impairs vested rights acquired under existing laws, creates new obligations, imposes new duties, or attaches a in its application. An organization does not need to re-collect personal information; however, it must obtain consent to continue using or disclosing that information no matter how long ago it was collected. In other words Adv. 1. in other words - otherwise stated; "in other words, we are broke" put differently , it is legal for an organization to have information without consent, but it is illegal to make any use of it or to disclose it to anyone else without first obtaining consent. Compliance with this principle requires an organization to document all consent given as well as any consent withdrawn. Such documentation will be required if any individual requests an accounting or if complaints or investigations arise. Organizations must develop ways to document consent (e.g., check-off boxes on a form) and to organize and store consent and withdrawal information for easy retrieval in the future. 4. Limiting Collection This principle prohibits organizations from collecting personal information indiscriminately or through deception deception n. the act of misleading another through intentionally false statements or fraudulent actions. (See: fraud, deceit) or misrepresentation misrepresentation In law, any false or misleading expression of fact, usually with the intent to deceive or defraud. It most commonly occurs in insurance and real-estate contracts. False advertising may also constitute misrepresentation. . To demonstrate compliance, the amount and type of personal information collected should be limited to what is necessary to fulfill ful·fill also ful·fil tr.v. ful·filled, ful·fill·ing, ful·fills also ful·fils 1. To bring into actuality; effect: fulfilled their promises. 2. the identified purposes. By reducing the amount of information gathered, organizations can lower the costs of collecting, storing, retaining, and ultimately destroying personal information. Also, collecting less personal information reduces risk; what is not collected in the first place cannot be used or disclosed inappropriately. 5. Limiting Use, Disclosure, and Retention This principle obligates organizations to use or disclose personal information only for the purposes for which it was collected unless the individual consents to other uses or unless laws authorize To empower another with the legal right to perform an action. The Constitution authorizes Congress to regulate interstate commerce. authorize v. to officially empower someone to act. (See: authority) other use or disclosure. This principle also requires that organizations keep personal information only as long as necessary to fulfill the identified purpose(s). To achieve compliance with this principle, organizations should document any new use or disclosure purpose and obtain consent prior to implementing the new use or disclosure. Developing and implementing a records retention schedule that sets out how long personal information will be kept to satisfy an intended purpose or a legal requirement will accomplish compliance with the limited retention aspect. The schedule should give direction on retaining and disposing of duplicate DUPLICATE. The double of anything. 2. It is usually applied to agreements, letters, receipts, and the like, when two originals are made of either of them. Each copy has the same effect. copies of personal information and address retention in any media format. Care also should be taken to ensure that personal information used to make decisions about an individual is kept for a reasonable period after the decision-making process to allow individuals to have access and pursue redress Compensation for injuries sustained; recovery or restitution for harm or injury; damages or equitable relief. Access to the courts to gain Reparation for a wrong. REDRESS. The act of receiving satisfaction for an injury sustained. , if applicable. 6. Accuracy The objective is to ensure that personal information is accurate, complete, and up-to-date so that incorrect information is not used to make decisions or third-party disclosures. Compliance requires organizations to * identify where personal information is kept so that it can be readily accessed for updates * document when personal information was collected or updated * document steps taken to verify the information's accuracy, completeness, and timeliness Another key compliance component is an organization's ability to limit duplication duplication /du·pli·ca·tion/ (doo-pli-ka´shun) 1. the act or process of doubling, or the state of being doubled. 2. , because duplication greatly increases chances that personal information will become inaccurate, be used or disclosed inappropriately, or be kept long after the official record is destroyed according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. a retention schedule. 7. Safeguards This principle requires organizations to provide adequate security to protect personal information against loss or theft and safeguard it from unauthorized access, disclosure, copying, use, or modification. The requirement also calls for organizations to ensure that personal information is securely destroyed when no longer needed. Compliance can be achieved by developing an information security policy to specify how personal information will be protected. The policy should address the safeguards provided at each step in the personal information life cycle, from creation or receipt to final disposition. To ensure that personal information is secure in any format, storage location (including off-site locations), or transmission medium such as facsimiles, organizations should implement or supplement security by using * physical measures, such as locked file cabinets * technological tools, such as password protection * organizational controls, such as limiting access to a "need-to-know" basis or requiring individuals to sign confidentiality agreements 8. Openness Under this principle, organizations must make their information management policies readily available to employees and customers. In addition to publicizing pub·li·cize tr.v. pub·li·cized, pub·li·ciz·ing, pub·li·ciz·es To give publicity to. Noun 1. publicizing - the business of drawing public attention to goods and services advertising policies in brochures and Web site notices, an organization should identify its privacy officer and provide his or her contact information. Employee training is also required, particularly for front-line employees who collect personal information, process transactions, and respond to inquiries. They must understand and be able to communicate the purposes for which personal information is collected, help individuals understand the organization's policies, and appropriately route access requests and complaints. 9. Individual Access Individuals are entitled en·ti·tle tr.v. en·ti·tled, en·ti·tling, en·ti·tles 1. To give a name or title to. 2. To furnish with a right or claim to something: to request access to their personal information held by organizations. Individuals also are entitled to determine the uses to which the information was put and the names of any third parties to whom the information was disclosed. Because organizations are expected to respond with due diligence Research; analysis; your homework. This term has caught on in all industries, because it sounds so "wired." Who would want to do analysis or research when they can do due diligence. See wired. within 30 calendar days after receiving a request to access, it is imperative that personal information be organized to allow quick retrieval. Regardless of whether an individual's personal information is kept in one or several locations, it must be stored in a logical and easily accessible manner to minimize delays and eliminate the risk that data will be overlooked. Similarly, organizations need procedures for processing access requests that allow sufficient time to * review a request to ensure it is complete and clear * locate the personal information relevant to the request * review the personal information in detail to determine any exemptions prohibiting its release (e.g., information subject to client/solicitor privilege) * determine any permissions required (e.g., to release information in the record pertaining per·tain intr.v. per·tained, per·tain·ing, per·tains 1. To have reference; relate: evidence that pertains to the accident. 2. to a third party) * decide whether to grant or deny the request Because incorrect or incomplete information may be found when processing requests or responding to requesters' reviews of their own personal information, organizations should also develop procedures for updating deficient de·fi·cient adj. 1. Lacking an essential quality or element. 2. Inadequate in amount or degree; insufficient. deficient a state of being in deficit. information and informing third parties to whom it was previously disclosed. 10. Challenging Compliance This principle sets out parameters under which individuals may challenge an organization's PIPEDA compliance. Penalties for non-compliance include fines of up to $10,000 Canadian ($7,158 U.S.) for a summary conviction or $100,000 ($71,584 U.S.) for an indictable offense indictable offense n. a crime (offense) for which a grand jury rules that there is enough evidence to charge defendant with a felony (a crime punishable by death or a term in the state penitentiary). and the possibility that courts may award damages. However, many organizations likely consider bad publicity the greatest possible penalty because receiving negative media coverage and becoming the focus of Internet chats and Web sites can undermine public confidence. To achieve compliance with the recourse The right of an individual who is holding a Commercial Paper, such as a check or promissory note, to receive payment on it from anyone who has signed it if the individual who originally made it is unable, or refuses, to tender payment. principle, organizations should develop complaint filing and processing procedures, promptly investigate all complaints, and document all investigations undertaken. In addition, any deficiencies or noncompliance noncompliance failure of the owner to follow instructions, particularly in administering medication as prescribed; a cause of a less than expected response to treatment. noncompliance identified during an investigation should be corrected and later audited to ensure they do not reoccur. By taking such actions, organizations will reduce the likelihood of investigation by Canada's privacy commissioner, who is responsible for overseeing and enforcing PIPEDA's privacy provisions. The privacy commissioner also is empowered to make public any organization's personal information practices in the hope that public opinion will force compliance. The Information Management Connection George Radwanski George Radwanski is a former public servant, policy advisor, journalist and author. He is best known for having served as Privacy Commissioner of Canada until he was forced to resign over misleading expense claims; he was later charged with fraud by the RCMP. , the privacy commissioner of Canada The Privacy Commissioner of Canada is a special ombudsman and an officer of parliament who reports directly to the House of Commons and the Senate. The Privacy Commissioner has the authority to investigate complaints filed by Canadian citizens, and report on whether there , has stated, "What the act is really about is good information management practices, and every organization benefits from those." Indeed, the ease with which an organization can achieve compliance with PIPEDA or substantially similar provincial legislation is related to the organization's existing information management framework. For example, organizations that have classification and indexing systems in place will find it much easier to locate personal information, both to audit current practices against PIPEDA's requirements and to respond to access requests. Similarly, organizations that have retention schedules and procedures for securely destroying obsolete OBSOLETE. This term is applied to those laws which have lost their efficacy, without being repealed, 2. A positive statute, unrepealed, can never be repealed by non-user alone. 4 Yeates, Rep. 181; Id. 215; 1 Browne's Rep. Appx. 28; 13 Serg. & Rawle, 447. records will find it much easier to comply with the requirements to limit retention and safeguard personal information. For those organizations with little or no formal information management practices, it is not too late to begin a program. Achieving PIPEDA compliance provides an opportunity to establish information management practices for personal information while also laying a foundation on which to build efficient practices for managing all of an organization's recorded information in the future. Provincial Privacy Statutes * Quebec is exempt from PIPEDA. Further, its 1994 law (an act respecting the protection of personal information in the private sector) was judged by the Canadian federal government to be substantially similar to PIPEDA. So that statute will continue to govern personal information in any commercial activity within Quebec's borders. * PIPEDA was intended to apply to the private sector in Northwest Territories Northwest Territories, territory (2001 pop. 37,360), 532,643 sq mi (1,379,028 sq km), NW Canada. The Northwest Territories lie W of Nunavut, N of lat. 60°N, and E of Yukon. , Nunavut Territory, and Yukon Territory Yukon Territory, territory (2001 pop. 28,674), 207,076 sq mi (536,327 sq km), NW Canada. Geography and Climate The triangle-shaped Yukon territory is bordered on the N by the Beaufort Sea of the Arctic Ocean, on the E by the Northwest Territories, beginning January 1, 2001, because they are seen to hold the constitutional status of a "federal undertaking." However, the information and privacy commissioner for the Northwest Territories and Nunavut Territory has recommended that those territories introduce their own legislation to cover the private sector, raising the possibility that privacy requirements will differ in the territories. * As of April 13, no province had introduced a bill to enact substantially similar legislation, and there does not appear to be a process in place to develop privacy legislation governing gov·ern v. gov·erned, gov·ern·ing, gov·erns v.tr. 1. To make and administer the public policy and affairs of; exercise sovereign authority in. 2. the private sector in Manitoba, New Brunswick New Brunswick, province, Canada New Brunswick, province (2001 pop. 729,498), 28,345 sq mi (73,433 sq km), including 519 sq mi (1,345 sq km) of water surface, E Canada. , Newfoundland and Labrador Newfoundland and Labrador, province, Canada Newfoundland and Labrador (ny  `fənlənd, ny , Nova
Scotia Nova Scotia (nō`və skō`shə) [Lat.,=new Scotland], province (2001 pop. 908,007), 21,425 sq mi (55,491 sq km), E Canada.
Geography, Prince Edward Island Prince Edward Island, province (2001 pop. 135,294), 2,184 sq mi (5,657 sq km), E Canada, off N.B. and N.S. Geography One of the Maritime Provinces, Prince Edward Island lies in the Gulf of St. , or Saskatchewan. If no provincial legislation is passed in those jurisdictions, PIPEDA will apply there beginning January 1, 2004. * Only three provinces--Alberta, British Columbia British Columbia, province (2001 pop. 3,907,738), 366,255 sq mi (948,600 sq km), including 6,976 sq mi (18,068 sq km) of water surface, W Canada. Geography , and Ontario--have indicated their intention to enact private sector privacy statutes, and it remains to be seen if they will succeed before year-end. In February, Alberta announced its intention to introduce the draft Personal Information Protection Act in the spring sitting of the legislature. British Columbia reportedly is assessing how to resolve various concerns (e.g., identifying the allowable parameters of information sharing See data conferencing. between organizations) raised in response to its discussion paper, "Privacy Protection in the Private Sector," released in mid-2002. Ontario reportedly is redrafting its proposed Privacy of Personal Information Act after receiving several hundred responses to its 2002 discussion paper. PIPEDA Compliance Resources There are several resources that organizations can draw upon as they begin to institute PIPEDA-compliant business practices. Organizations can complete a diagnostic tool to self-assess the privacy-readiness of their business practices. Several tools are available, including a free Privacy Diagnostic Tool developed by the information and privacy commissioner of Ontario. It allows an organization to compare its personal information processes to international privacy principles, including the 10 principles in PIPEDA. Organizations can conduct an in-depth assessment of current practices for collecting, using, storing, keeping, and disclosing personal information by answering such questions as: * What personal information is collected? * Why is it collected? * Where is the information kept? * Who has access to the information? * To whom is the information disclosed? Armed with the answers, an organization can compare its current practices to PIPEDA's principles, identify deficiencies, and implement the corrections necessary to achieve compliance. Organizations can complete a privacy impact assessment (PIA pi·a n. The pia mater. pi  al adj. ) to
ensure that any new technologies, computer systems, or policies will
comply with PIPEDA's requirements. According to Ann Cavoukian and
Tyler J. Hamilton's book, Privacy Payoff: How Successful Businesses
Build Customer Trust, completion of a PIA forces an organization to
assess privacy implications, identify risks, and determine how they can
be mitigated mit·i·gate v. mit·i·gat·ed, mit·i·gat·ing, mit·i·gates v.tr. To moderate (a quality or condition) in force or intensity; alleviate. See Synonyms at relieve. v.intr. To become milder. by asking such questions as * What kind of data will be collected and stored? * Where does it come from? * Where does it go? * How will the data inventory be tracked and managed as it flows through the new system? Lastly, when an organization begins writing its privacy policy, guidance can be found in the Organisation for Economic Cooperation and Development's (OECD) Privacy Statement Generator. This free online tool poses a series of questions that helps to design an organization-specific policy in keeping with the OECD's fair information practices, on which PIPEDA is based. Access it at http://cs3-hq.oecd.org/scripts/pwv3/pwhome.htm.
PIPEDA Implementation Schedule
A three-phase schedule is underway to implement PIPEDA's
privacy provisions.
Phase Whom the Provisions Apply to
Phase 1: * Customers'and employees' personal
Effective January 1,2001 information held by federally regulated
commercial organizations such as
chartered banks
* Organizations that conduct
inter-provincial commercial activities
such as transportation
* All commercial activities conducted in
Canada's northern territories
* Any Canadian organizations that disclose
personal information for consideration
outside the country
Phase 2: * All personal health information held by
Effective January 1,2002 the organizations included in the first
phase
Phase 3: * All organizations that collect, use, or
Effective January 1,2004 disclose personal information in
commercial activities within any province
(except Quebec), unless a province enacts
substantially similar legislation
* All commercial activity in
Canada--including foreign companies with
Canadian subsidiaries, headquarters, or
offices--will be subject to PIPEDA
or substantially similar provincial
legislation
References "A Consultation on the Draft Privacy of Personal Information Act, 2002." Ottawa, Ontario: Ministry of Consumer and Business Services, 2002. Available at www.cbs.gov.on.ca/mcbs/english/pdf/56XSMB.pdf (accessed 7 May 2003). Cavoukian, Ann and Tyler J. Hamilton. Privacy Payoff: How Successful Businesses Build Customer Trust. Toronto: McGraw-Hill Ryerson, 2002. "Personal Information Protection and Electronic Documents Act." Available at http://laws.justice.gc.ca/en/P-8.6/91352.html (accessed 7 May 2003). "Privacy Protection in the Private Sector" consultation paper. Victoria, British Columbia: Ministry of Management Services Corporate Privacy and Information Access Branch, 2002. Available at http://www.mser.gov.bc.ca/FOI_POP/PSP/PSP-Consult.pdf(accessed 7 May 2003). Rankin, Murray. "Privacy Covered by a Crazy Legal Quilt." The Globe and Mail, 15 January 2003. "Your Privacy Responsibilities: Guide for Businesses and Organizations to Canada's Personal Information Protection and Electronic Documents Act." Ottawa, Ontario: Privacy Commissioner of Canada. Available at www.privcom.gc.ca/ information/guide_e.asp (accessed 7 May 2003). READ MORE ABOUT IT Organisation for Economic Cooperation and Development (OECD)'s Privacy Statement Generator. Available at http://cs3-hq.oecd.org/scripts/pwv3/pwhome.htm (accessed 7 May 2003). "Privacy Diagnostic Tool." Ottawa, Ontario: Information and Privacy Commissioner, 2001. Available at www.ipc.on.ca/english/resources/resources.htm (accessed 7 May 2003). Editors' Note: This article is for general information purposes; it does not contain or constitute legal advice. Organizations should seek legal advice when taking action to achieve compliance with PIPEDA or any substantially similar provincial legislation that may be enacted in the future. Sheila Taylor, CRM (Customer Relationship Management) An integrated information system that is used to plan, schedule and control the presales and postsales activities in an organization. , is a Principal with CONDAR Consulting Inc. and Chair of the Canadian Legislative and Regulatory Affairs Regulatory Affairs (RA), also called Government Affairs, is a profession within regulated industries, such as pharmaceuticals, medical devices, energy, and banking. Regulatory Affairs professionals usually have responsibility for the following general areas: |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion