It's here and difficult to avoid. The new privacy law in Canada called the Personal Information Protection and Electronic Documents Act (PIPEDA) is in place as of January 1, 2004 and does affect Quokka Systems and all of its online booking system customers.

The Act's intention is to keep businesses, as a result of malice or lack of diligence, from misusing information that their customers disclose. Most of us think of misuse as selling the data without permission or sending irrelevant correspondence. But in actual fact - if you think about the data a hotel collects - you have access to names, home addresses, family size, credit card, and work address information. Were that data to be stolen by the really bad people in the world, your guests could find themselves the victims of harassment or worse. How could this data be stolen? Computer hacking is possible, but the reality is that leaving sensitive documents out in the open is a much more likely way for people to steal information. (This is why I always enjoy seeing a clean front desk when I visit a hotel.)

But PIPEDA (I can't decide whether to pronounce this Pip-E-da or Pipe-Duh.) is frankly odd in places. For example, it states that Quokka Systems has to "use contractual or other means to provide a comparable level of protection while the information is being processed by a third party." This means that if we are properly protecting the data that someone provides when making a booking, Quokka Systems has to make sure that our hotel and activity customers do the same thing. Yikes. Quokka Systems has changed its contracts to reflect this, but as far as ensuring compliance, we have neither the right nor the resources to audit our customers' compliance.

We have read that companies who currently possess data on individuals are panicking because they have compiled it from a variety of sources and don't have a clue if the individuals know they have the data let alone have given permission to use it.

But surely this is an opportunity to contact one's customer or marketing base. If you have information about individuals, I suggest sending it back to them, asking permission to keep them posted on events and specials, giving them instructions on how to change the data, and telling them about your latest special. And while you are at it, blame PIPEDA for the intrusion. Prepare for a lot of boring clerical work, but why not? In the end you will know who wants to hear from you and who doesn't, and you will be compliant with the legislation.

Quokka Systems does not have the same challenge - we don't often deal with the public directly. The Quokka Online Booking System is our clients' way to communicate with their customers about bookings. Soon we will enhance the guests' ability to access and change their data. Plus we are re-doing the customer profile page so that it's easier to read and is clearer about the privacy law.

The Act may be an administrative nightmare at first, but in the end it can be used to make clear connections with your customers and inspire trust in them about you and your commitment to their safety.

To see Quokka Systems' privacy policy, please go to www.quokkasystems.com/privacystmt.htm

Robert Ford is the president of Quokka Systems Consulting Ltd. and is a regular contributor to ComputerWorld Canada. (www.itworld.com)

Robert can be reached at Robert@quokkasystems.com

Return to top page of Newsletter