Global Privacy Law Landscape
Over the past several years, numerous laws and frameworks have emerged globally that govern the handling of personal information, including the following:
- Personal Information Protection and Electronic Documents Act of 2000 (PIPEDA)
- Numerous provincial privacy laws affecting the public and private sectors
Although the requirements of these laws and frameworks vary greatly, some common themes have emerged, such as notice, choice, access, and security:
Notice: What information must be provided to individuals about how their data may be used and who it may be shared with? When must this notice be provided to individuals? In what manner must this notice be provided?
Choice: What choices are individuals offered in terms of what information about them is collected and how such information is used?
Access: Are individuals given the opportunity to access information maintained about them? Can individuals request that their information be amended or deleted?
Security: Are organizations that handle personal information required to protect such information using administrative, technical, and physical safeguards?
Salesforce.com's customers solely determine what data is submitted to the salesforce.com service as customer data. With respect to such data, salesforce.com acts as a data processor. In our role as a processor of customer data, salesforce.com addresses the general privacy principles described above in the following ways:
Notice, Choice & Access: Salesforce.com generally does not have a direct relationship with individuals whose personal data is submitted by customers to the salesforce.com service as customer data. Salesforce.com does not collect personal information on behalf of our customers, and salesforce.com does not determine how our customers use such data. Additionally, salesforce.com's customer contracts generally prohibit salesforce.com from accessing customer data except under limited circumstances.
Compliance with the Notice, Choice, and Access principles is based on cooperation between salesforce.com and our customers. For example, salesforce.com's contracts with our customers state that customers are responsible for the accuracy, quality, integrity, reliability, and appropriateness of data submitted to the salesforce.com service and that customers must comply with applicable laws in using the salesforce.com service.
Security: Salesforce.com maintains appropriate administrative, physical, and technical safeguards to help protect the security, confidentiality, and integrity of data our customers submit to the salesforce.com service as customer data. Salesforce.com's customers are responsible for ensuring the security of their customer data in their use of the service.