compliance

2025-10-02 18:04:27 +00:00 · 2025-08-23 03:12:04 -04:00
parent be6fa71850
commit 3255bf40e7
8 changed files with 355 additions and 160 deletions
--- a/docs/build/doctrees/2_compliance.doctree
+++ b/docs/build/doctrees/2_compliance.doctree
--- a/docs/build/doctrees/environment.pickle
+++ b/docs/build/doctrees/environment.pickle
--- a/docs/build/html/2_compliance.html
+++ b/docs/build/html/2_compliance.html
@@ -337,14 +337,14 @@ applicable statutory deductions.</p>
 <section id="statistics-canada">
 <h2><span class="section-number">2.5. </span>Statistics Canada<a class="headerlink" href="#statistics-canada" title="Link to this heading">¶</a></h2>
 <p>Statistics Canada produces statistics that help Canadians better understand their country—its
-population, resources, economy, society and culture.
+population, resources, economy, society and culture.</p>
-In Canada, providing statistics is a federal responsibility. As Canada’s central statistical
+<p>In Canada, providing statistics is a federal responsibility. As Canada’s central statistical
 agency, Statistics Canada is legislated under the Statistics Act to serve this function for the
-whole of Canada and each of the provinces/territories.
+whole of Canada and each of the provinces/territories.</p>
-Objective statistical information is vital to an open and democratic society. It provides a solid
+<p>Objective statistical information is vital to an open and democratic society. It provides a solid
 foundation for informed decisions by elected representatives, businesses, unions and non-
-profit organizations, as well as individual Canadians.
+profit organizations, as well as individual Canadians.</p>
-Statistics Canada is committed to protecting the confidentiality of all information entrusted to
+<p>Statistics Canada is committed to protecting the confidentiality of all information entrusted to
 them and to ensure that the information delivered is timely and relevant to Canadians.</p>
 </section>
 <section id="personal-privacy">
@@ -353,19 +353,19 @@ them and to ensure that the information delivered is timely and relevant to Cana
 limits on the collection, use or disclosure of personal information. Private sector privacy laws
 in Canada currently only cover the employee personal information of employees that work
 for federally regulated companies or who are located in one of the four provinces with
-provincial private sector privacy laws: Alberta, British Columbia, Manitoba and Québec1.
+provincial private sector privacy laws: Alberta, British Columbia, Manitoba and Québec.</p>
-Public sector employees have some privacy protection under all jurisdictions except Ontario
+<p>Public sector employees have some privacy protection under all jurisdictions except Ontario
 which excludes employee information from its public sector privacy legislation. Employees
 who are covered by a collective agreement also have statutory privacy protection based on
 arbitral jurisprudence and their particular collective agreement. Therefore, approximately
 half of workers in Canada have privacy rights backed by legislation, while the remaining
 50% of the country’s more than 20 million or so workers have privacy rights that are either
 voluntarily set in place by employers who have developed employee privacy codes or have
-privacy rights because they have a collective agreement in place.
+privacy rights because they have a collective agreement in place.</p>
-Employers should also be aware that egregious violations of privacy may open them up to
+<p>Employers should also be aware that egregious violations of privacy may open them up to
 civil damages, including class action lawsuits. Legislatures and the courts are recognizing
-privacy rights and providing opportunities for civil remedies.
+privacy rights and providing opportunities for civil remedies.</p>
-In drawing up its legislation for the protection of personal information, the Canadian
+<p>In drawing up its legislation for the protection of personal information, the Canadian
 government based its privacy provisions on a set of guidelines that had been developed by
 the Canadian Standards Association in its Model Code for the Protection of Personal
 Information.</p>
@@ -375,40 +375,57 @@ Information.</p>
 developed with input from organizations, governments, consumer associations and other
 privacy stakeholders. They are incorporated in Federal private sector privacy legislation and
 have become the generally accepted framework for evaluating privacy processes and systems
-in Canada2.
+in Canada.</p>
-Principle 1. Accountability
+<section id="principle-1-accountability">
-An organization is responsible for personal information under its control and shall designate
+<h4><span class="section-number">2.6.1.1. </span>Principle 1. Accountability<a class="headerlink" href="#principle-1-accountability" title="Link to this heading">¶</a></h4>
 <p>An organization is responsible for personal information under its control and shall designate
 an individual or individuals to be accountable for the organization’s compliance with the
-following principles.
+following principles.</p>
-Principle 2. Identifying Purposes
+</section>
-The purposes for which personal information is collected shall be identified by the
+<section id="principle-2-identifying-purposes">
-organization at or before the time the information is collected.
+<h4><span class="section-number">2.6.1.2. </span>Principle 2. Identifying Purposes<a class="headerlink" href="#principle-2-identifying-purposes" title="Link to this heading">¶</a></h4>
-Principle 3. Consent
+<p>The purposes for which personal information is collected shall be identified by the
-The knowledge and consent of the individual are required for the collection, use, or
+organization at or before the time the information is collected.</p>
 </section>
 <section id="principle-3-consent">
 <h4><span class="section-number">2.6.1.3. </span>Principle 3. Consent<a class="headerlink" href="#principle-3-consent" title="Link to this heading">¶</a></h4>
 <p>The knowledge and consent of the individual are required for the collection, use, or
 disclosure of personal information, except where inappropriate. Note: In certain
 circumstances, personal information can be collected, used, or disclosed without the
 knowledge and consent of the individual. For example, legal, medical, or security reasons
-may make it impossible or impractical to seek consent.
+may make it impossible or impractical to seek consent.</p>
-Principle 4. Limiting Collection
+</section>
-The collection of personal information shall be limited to that which is necessary for the
+<section id="principle-4-limiting-collection">
 <h4><span class="section-number">2.6.1.4. </span>Principle 4. Limiting Collection<a class="headerlink" href="#principle-4-limiting-collection" title="Link to this heading">¶</a></h4>
 <p>The collection of personal information shall be limited to that which is necessary for the
 purposes identified by the organization. Information shall be collected by fair and lawful
-means.
+means.</p>
-Principle 5. Limiting Use, Disclosure, and Retention
+</section>
-Personal information shall not be used or disclosed for purposes other than those for which it
+<section id="principle-5-limiting-use-disclosure-and-retention">
 <h4><span class="section-number">2.6.1.5. </span>Principle 5. Limiting Use, Disclosure, and Retention<a class="headerlink" href="#principle-5-limiting-use-disclosure-and-retention" title="Link to this heading">¶</a></h4>
 <p>Personal information shall not be used or disclosed for purposes other than those for which it
 was collected, except with the consent of the individual or as required by law. Personal
 information shall be retained only as long as is necessary for the fulfillment of those
-purposes.
+purposes.</p>
-Principle 6. Accuracy
+</section>
-Personal information shall be as accurate, complete, and up-to-date as is necessary for the
+<section id="principle-6-accuracy">
-purposes for which it is to be used.
+<h4><span class="section-number">2.6.1.6. </span>Principle 6. Accuracy<a class="headerlink" href="#principle-6-accuracy" title="Link to this heading">¶</a></h4>
-Principle 7. Safeguards
+<p>Personal information shall be as accurate, complete, and up-to-date as is necessary for the
-Personal information shall be protected by security safeguards appropriate to the sensitivity
+purposes for which it is to be used.</p>
-of the information.
+</section>
-Principle 8. Openness
+<section id="principle-7-safeguards">
-An organization shall make readily available to individuals specific information about its
+<h4><span class="section-number">2.6.1.7. </span>Principle 7. Safeguards<a class="headerlink" href="#principle-7-safeguards" title="Link to this heading">¶</a></h4>
-policies and practices relating to the management of personal information.
+<p>Personal information shall be protected by security safeguards appropriate to the sensitivity
-Principle 9. Individual Access
+of the information.</p>
-Upon request, an individual shall be informed of the existence, use and disclosure of his or
+</section>
 <section id="principle-8-openness">
 <h4><span class="section-number">2.6.1.8. </span>Principle 8. Openness<a class="headerlink" href="#principle-8-openness" title="Link to this heading">¶</a></h4>
 <p>An organization shall make readily available to individuals specific information about its
 policies and practices relating to the management of personal information.</p>
 </section>
 <section id="principle-9-individual-access">
 <h4><span class="section-number">2.6.1.9. </span>Principle 9. Individual Access<a class="headerlink" href="#principle-9-individual-access" title="Link to this heading">¶</a></h4>
 <p>Upon request, an individual shall be informed of the existence, use and disclosure of his or
 her personal information and shall be given access to that information. An individual shall be
 able to challenge the accuracy and completeness of the information and have it amended as
 appropriate. In certain situations, an organization may not be able to provide access to all the
@@ -418,15 +435,16 @@ individual upon request. Exceptions may include information that is prohibitivel
 provide, information that contains references to other individuals, information that cannot be
 disclosed for legal, security, or commercial proprietary reasons, and information that is
 subject to solicitor-client or litigation privilege.</p>
 </section>
 <section id="principle-10-challenging-compliance">
-<h4><span class="section-number">2.6.1.1. </span>Principle 10. Challenging Compliance<a class="headerlink" href="#principle-10-challenging-compliance" title="Link to this heading">¶</a></h4>
+<h4><span class="section-number">2.6.1.10. </span>Principle 10. Challenging Compliance<a class="headerlink" href="#principle-10-challenging-compliance" title="Link to this heading">¶</a></h4>
 <p>An individual shall be able to address a challenge concerning compliance with the above
 principles to the designated individual or individuals accountable for the organization’s
 compliance.</p>
 </section>
 </section>
-<section id="the-personal-information-protection-and-electronic-documents-act-pipeda">
+<section id="pipeda">
-<h3><span class="section-number">2.6.2. </span>The Personal Information Protection and Electronic Documents Act (PIPEDA)<a class="headerlink" href="#the-personal-information-protection-and-electronic-documents-act-pipeda" title="Link to this heading">¶</a></h3>
+<h3><span class="section-number">2.6.2. </span>PIPEDA<a class="headerlink" href="#pipeda" title="Link to this heading">¶</a></h3>
 <p>The federal government drew upon the CSA Privacy Principles in its drafting of the federal
 Personal Information Protection and Electronic Documents Act (PIPEDA) and the spirit and
 much of the wording of the principles can be found throughout PIPEDA.</p>
@@ -456,13 +474,14 @@ employees, or terminated employees to collect, use, and disclose information abo
 person where the information is necessary for the creation, maintenance, and termination of
 the employment relationship. It is, however, the case that the employer will provide notice to
 the employee so that they are knowledgeable with respect to the information that the
-employer collects, uses, and discloses.
+employer collects, uses, and discloses.</p>
-This notice should be provided to prospective employees as part of the recruitment process
+<p>This notice should be provided to prospective employees as part of the recruitment process
 and also as part of the on-boarding process. In addition, if there are changes to personal data
 practices for employee information, employees should be informed about such changes in a
 timely manner.</p>
 </div>
-<p><strong>Consent</strong></p>
+<section id="consent">
 <h4><span class="section-number">2.6.2.1. </span>Consent<a class="headerlink" href="#consent" title="Link to this heading">¶</a></h4>
 <p>According to PIPEDA, employers must obtain an employee’s consent before they collect
 personal information where that information is not required for the employment relationship.
 Further, the information collected must be for a specific purpose and must be destroyed once
@@ -484,7 +503,9 @@ information. It is critical for those working in payroll to be aware of the requ
 privacy legislation that applies to their employees and to have the necessary procedures in
 place to comply with the legislation. If an employee chooses not to disclose the information
 and is not required to do so by law, an employer cannot force an employee to divulge it.</p>
-<p><strong>Exceptions to Consent Requirement</strong></p>
+</section>
 <section id="exceptions-to-consent-requirement">
 <h4><span class="section-number">2.6.2.2. </span>Exceptions to Consent Requirement<a class="headerlink" href="#exceptions-to-consent-requirement" title="Link to this heading">¶</a></h4>
 <p>Subparagraph 7(3) of the Personal Information Protection and Electronic Documents Act
 (Bill C6) allows an employer to disclose personal information without the knowledge or
 consent of the individual if the disclosure is made to a government institution which has
@@ -504,8 +525,10 @@ employment relationship between the federal work, undertaking or business and th
 individual; and
 (b) the federal work, undertaking or business has informed the individual that the personal
 information will be or may be collected, used or disclosed for those purposes”.</p>
-<p>Use and Storage of Personal Information
+</section>
-According to PIPEDA, organizations can only use information for the purpose for which it
+<section id="use-and-storage-of-personal-information">
 <h4><span class="section-number">2.6.2.3. </span>Use and Storage of Personal Information<a class="headerlink" href="#use-and-storage-of-personal-information" title="Link to this heading">¶</a></h4>
 <p>According to PIPEDA, organizations can only use information for the purpose for which it
 was collected. Employers must fully disclose in writing to the employee the reasons why
 they require the information, as well as what will be done with it.</p>
 <p>Personal information must not be disclosed to external stakeholders without the employee’s
@@ -517,8 +540,10 @@ to comply with employment/labour standards or human rights legislation. For exam
 accommodate an employee for religious days and holidays, an employer needs to know about
 the employee’s religious beliefs. To seek out this type of information for any other reason
 invades the individual’s right to privacy.</p>
-<p>Limitations on Use - the Social Insurance Number example
+</section>
-The purpose of a social insurance number (SIN) is to identify an individual for specific
+<section id="limitations-on-use-the-social-insurance-number-example">
 <h4><span class="section-number">2.6.2.4. </span>Limitations on Use - the Social Insurance Number example<a class="headerlink" href="#limitations-on-use-the-social-insurance-number-example" title="Link to this heading">¶</a></h4>
 <p>The purpose of a social insurance number (SIN) is to identify an individual for specific
 government programs. This information may not be collected, stored, used or disclosed for
 any other purpose without the employee’s consent. Where the SIN is to be used for purposes
 of identification, an organization must provide a convenient method for the employee to
@@ -535,6 +560,7 @@ They should not be used as an identifier by any organization other than the gove
 agencies mentioned above, unless the employee provides written consent to do so.</p>
 </section>
 </section>
 </section>
 <section id="pension-benefits-standards-act">
 <h2><span class="section-number">2.7. </span>Pension Benefits Standards Act<a class="headerlink" href="#pension-benefits-standards-act" title="Link to this heading">¶</a></h2>
 </section>
@@ -689,10 +715,25 @@ in your organization’s privacy policy.</p>
 <li><a class="reference internal" href="#statistics-canada">2.5. Statistics Canada</a></li>
 <li><a class="reference internal" href="#personal-privacy">2.6. Personal Privacy</a><ul>
 <li><a class="reference internal" href="#the-privacy-principles">2.6.1. The Privacy Principles</a><ul>
-<li><a class="reference internal" href="#principle-10-challenging-compliance">2.6.1.1. Principle 10. Challenging Compliance</a></li>
+<li><a class="reference internal" href="#principle-1-accountability">2.6.1.1. Principle 1. Accountability</a></li>
 <li><a class="reference internal" href="#principle-2-identifying-purposes">2.6.1.2. Principle 2. Identifying Purposes</a></li>
 <li><a class="reference internal" href="#principle-3-consent">2.6.1.3. Principle 3. Consent</a></li>
 <li><a class="reference internal" href="#principle-4-limiting-collection">2.6.1.4. Principle 4. Limiting Collection</a></li>
 <li><a class="reference internal" href="#principle-5-limiting-use-disclosure-and-retention">2.6.1.5. Principle 5. Limiting Use, Disclosure, and Retention</a></li>
 <li><a class="reference internal" href="#principle-6-accuracy">2.6.1.6. Principle 6. Accuracy</a></li>
 <li><a class="reference internal" href="#principle-7-safeguards">2.6.1.7. Principle 7. Safeguards</a></li>
 <li><a class="reference internal" href="#principle-8-openness">2.6.1.8. Principle 8. Openness</a></li>
 <li><a class="reference internal" href="#principle-9-individual-access">2.6.1.9. Principle 9. Individual Access</a></li>
 <li><a class="reference internal" href="#principle-10-challenging-compliance">2.6.1.10. Principle 10. Challenging Compliance</a></li>
 </ul>
 </li>
 <li><a class="reference internal" href="#pipeda">2.6.2. PIPEDA</a><ul>
 <li><a class="reference internal" href="#consent">2.6.2.1. Consent</a></li>
 <li><a class="reference internal" href="#exceptions-to-consent-requirement">2.6.2.2. Exceptions to Consent Requirement</a></li>
 <li><a class="reference internal" href="#use-and-storage-of-personal-information">2.6.2.3. Use and Storage of Personal Information</a></li>
 <li><a class="reference internal" href="#limitations-on-use-the-social-insurance-number-example">2.6.2.4. Limitations on Use - the Social Insurance Number example</a></li>
 </ul>
 </li>
 <li><a class="reference internal" href="#the-personal-information-protection-and-electronic-documents-act-pipeda">2.6.2. The Personal Information Protection and Electronic Documents Act (PIPEDA)</a></li>
 </ul>
 </li>
 <li><a class="reference internal" href="#pension-benefits-standards-act">2.7. Pension Benefits Standards Act</a></li>
--- a/docs/build/html/_sources/2_compliance.rst.txt
+++ b/docs/build/html/_sources/2_compliance.rst.txt
@@ -312,12 +312,15 @@ Statistics Canada
 ~~~~~~~~~~~~~~~~~~~~~
 Statistics Canada produces statistics that help Canadians better understand their country—its
 population, resources, economy, society and culture.
-In Canada, providing statistics is a federal responsibility. As Canada’s central statistical
+
 In Canada, providing statistics is a federal responsibility. As Canada's central statistical
 agency, Statistics Canada is legislated under the Statistics Act to serve this function for the
 whole of Canada and each of the provinces/territories.
 Objective statistical information is vital to an open and democratic society. It provides a solid
 foundation for informed decisions by elected representatives, businesses, unions and non-
 profit organizations, as well as individual Canadians.
 Statistics Canada is committed to protecting the confidentiality of all information entrusted to
 them and to ensure that the information delivered is timely and relevant to Canadians.
@@ -327,18 +330,21 @@ The Canadian federal government and all provincial governments have legislation
 limits on the collection, use or disclosure of personal information. Private sector privacy laws
 in Canada currently only cover the employee personal information of employees that work
 for federally regulated companies or who are located in one of the four provinces with
-provincial private sector privacy laws: Alberta, British Columbia, Manitoba and Québec1.
+provincial private sector privacy laws: Alberta, British Columbia, Manitoba and Québec.
 Public sector employees have some privacy protection under all jurisdictions except Ontario
 which excludes employee information from its public sector privacy legislation. Employees
 who are covered by a collective agreement also have statutory privacy protection based on
 arbitral jurisprudence and their particular collective agreement. Therefore, approximately
 half of workers in Canada have privacy rights backed by legislation, while the remaining
-50% of the country’s more than 20 million or so workers have privacy rights that are either
+50% of the country's more than 20 million or so workers have privacy rights that are either
 voluntarily set in place by employers who have developed employee privacy codes or have
 privacy rights because they have a collective agreement in place.
 Employers should also be aware that egregious violations of privacy may open them up to
 civil damages, including class action lawsuits. Legislatures and the courts are recognizing
 privacy rights and providing opportunities for civil remedies.
 In drawing up its legislation for the protection of personal information, the Canadian
 government based its privacy provisions on a set of guidelines that had been developed by
 the Canadian Standards Association in its Model Code for the Protection of Personal
@@ -351,39 +357,65 @@ The Canadian Standards Association (CSA) Model Code is a set of principles that
 developed with input from organizations, governments, consumer associations and other
 privacy stakeholders. They are incorporated in Federal private sector privacy legislation and
 have become the generally accepted framework for evaluating privacy processes and systems
-in Canada2.
+in Canada.
 Principle 1. Accountability
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 An organization is responsible for personal information under its control and shall designate
 an individual or individuals to be accountable for the organization's compliance with the
 following principles.
 Principle 2. Identifying Purposes
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 The purposes for which personal information is collected shall be identified by the
 organization at or before the time the information is collected.
 Principle 3. Consent
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 The knowledge and consent of the individual are required for the collection, use, or
 disclosure of personal information, except where inappropriate. Note: In certain
 circumstances, personal information can be collected, used, or disclosed without the
 knowledge and consent of the individual. For example, legal, medical, or security reasons
 may make it impossible or impractical to seek consent.
 Principle 4. Limiting Collection
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 The collection of personal information shall be limited to that which is necessary for the
 purposes identified by the organization. Information shall be collected by fair and lawful
 means.
 Principle 5. Limiting Use, Disclosure, and Retention
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Personal information shall not be used or disclosed for purposes other than those for which it
 was collected, except with the consent of the individual or as required by law. Personal
 information shall be retained only as long as is necessary for the fulfillment of those
 purposes.
 Principle 6. Accuracy
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Personal information shall be as accurate, complete, and up-to-date as is necessary for the
 purposes for which it is to be used.
 Principle 7. Safeguards
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Personal information shall be protected by security safeguards appropriate to the sensitivity
 of the information.
 Principle 8. Openness
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 An organization shall make readily available to individuals specific information about its
 policies and practices relating to the management of personal information.
 Principle 9. Individual Access
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Upon request, an individual shall be informed of the existence, use and disclosure of his or
 her personal information and shall be given access to that information. An individual shall be
 able to challenge the accuracy and completeness of the information and have it amended as
@@ -402,7 +434,7 @@ An individual shall be able to address a challenge concerning compliance with th
 principles to the designated individual or individuals accountable for the organization's
 compliance.
-The Personal Information Protection and Electronic Documents Act (PIPEDA)
+PIPEDA
 --------------------------------------------------------------------------
 The federal government drew upon the CSA Privacy Principles in its drafting of the federal
 Personal Information Protection and Electronic Documents Act (PIPEDA) and the spirit and
@@ -439,12 +471,14 @@ plans that require the collection of even greater amounts of personal data.
    the employment relationship. It is, however, the case that the employer will provide notice to
    the employee so that they are knowledgeable with respect to the information that the
    employer collects, uses, and discloses.
    This notice should be provided to prospective employees as part of the recruitment process
    and also as part of the on-boarding process. In addition, if there are changes to personal data
    practices for employee information, employees should be informed about such changes in a
    timely manner.
-**Consent**
+Consent
 ^^^^^^^^
 According to PIPEDA, employers must obtain an employee's consent before they collect
 personal information where that information is not required for the employment relationship.
@@ -472,7 +506,8 @@ privacy legislation that applies to their employees and to have the necessary pr
 place to comply with the legislation. If an employee chooses not to disclose the information
 and is not required to do so by law, an employer cannot force an employee to divulge it.
-**Exceptions to Consent Requirement**
+Exceptions to Consent Requirement
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Subparagraph 7(3) of the Personal Information Protection and Electronic Documents Act
 (Bill C6) allows an employer to disclose personal information without the knowledge or
@@ -497,6 +532,8 @@ individual; and
 information will be or may be collected, used or disclosed for those purposes”.
 Use and Storage of Personal Information
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 According to PIPEDA, organizations can only use information for the purpose for which it
 was collected. Employers must fully disclose in writing to the employee the reasons why
 they require the information, as well as what will be done with it.
@@ -513,6 +550,8 @@ the employee's religious beliefs. To seek out this type of information for any o
 invades the individual's right to privacy.
 Limitations on Use - the Social Insurance Number example
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 The purpose of a social insurance number (SIN) is to identify an individual for specific
 government programs. This information may not be collected, stored, used or disclosed for
 any other purpose without the employee's consent. Where the SIN is to be used for purposes
--- a/docs/build/html/index.html
+++ b/docs/build/html/index.html
@@ -85,7 +85,7 @@ to confidently perform essential payroll functions encountered in day-to-day ope
 <li class="toctree-l2"><a class="reference internal" href="2_compliance.html#statistics-canada">2.5. Statistics Canada</a></li>
 <li class="toctree-l2"><a class="reference internal" href="2_compliance.html#personal-privacy">2.6. Personal Privacy</a><ul>
 <li class="toctree-l3"><a class="reference internal" href="2_compliance.html#the-privacy-principles">2.6.1. The Privacy Principles</a></li>
-<li class="toctree-l3"><a class="reference internal" href="2_compliance.html#the-personal-information-protection-and-electronic-documents-act-pipeda">2.6.2. The Personal Information Protection and Electronic Documents Act (PIPEDA)</a></li>
+<li class="toctree-l3"><a class="reference internal" href="2_compliance.html#pipeda">2.6.2. PIPEDA</a></li>
 </ul>
 </li>
 <li class="toctree-l2"><a class="reference internal" href="2_compliance.html#pension-benefits-standards-act">2.7. Pension Benefits Standards Act</a></li>
--- a/docs/build/html/searchindex.js
+++ b/docs/build/html/searchindex.js
--- a/docs/build/simplepdf/.buildinfo
+++ b/docs/build/simplepdf/.buildinfo
@@ -1,4 +1,4 @@
 # Sphinx build info version 1
 # This file records the configuration used when building these files. When it is not found, a full rebuild will be done.
-config: 764301d1f33bee9d180cae81411c038c
+config: 05adfde78bb1ac24db87a63557140a07
 tags: 62a1e7829a13fc7881b6498c52484ec0
--- a/docs/build/simplepdf/index.html
+++ b/docs/build/simplepdf/index.html
@@ -211,8 +211,8 @@
           </a>
          </li>
          <li class="toctree-l3">
-           <a class="reference internal" href="#the-personal-information-protection-and-electronic-documents-act-pipeda">
+           <a class="reference internal" href="#pipeda">
-            2.6.2. The Personal Information Protection and Electronic Documents Act (PIPEDA)
+            2.6.2. PIPEDA
           </a>
          </li>
         </ul>
@@ -2024,12 +2024,18 @@ applicable statutory deductions.
          <p>
           Statistics Canada produces statistics that help Canadians better understand their country&mdash;its
 population, resources, economy, society and culture.
          </p>
          <p>
           In Canada, providing statistics is a federal responsibility. As Canada&rsquo;s central statistical
 agency, Statistics Canada is legislated under the Statistics Act to serve this function for the
 whole of Canada and each of the provinces/territories.
          </p>
          <p>
           Objective statistical information is vital to an open and democratic society. It provides a solid
 foundation for informed decisions by elected representatives, businesses, unions and non-
 profit organizations, as well as individual Canadians.
          </p>
          <p>
           Statistics Canada is committed to protecting the confidentiality of all information entrusted to
 them and to ensure that the information delivered is timely and relevant to Canadians.
          </p>
@@ -2046,7 +2052,9 @@ them and to ensure that the information delivered is timely and relevant to Cana
 limits on the collection, use or disclosure of personal information. Private sector privacy laws
 in Canada currently only cover the employee personal information of employees that work
 for federally regulated companies or who are located in one of the four provinces with
-provincial private sector privacy laws: Alberta, British Columbia, Manitoba and Qu&eacute;bec1.
+provincial private sector privacy laws: Alberta, British Columbia, Manitoba and Qu&eacute;bec.
          </p>
          <p>
           Public sector employees have some privacy protection under all jurisdictions except Ontario
 which excludes employee information from its public sector privacy legislation. Employees
 who are covered by a collective agreement also have statutory privacy protection based on
@@ -2055,9 +2063,13 @@ half of workers in Canada have privacy rights backed by legislation, while the r
 50% of the country&rsquo;s more than 20 million or so workers have privacy rights that are either
 voluntarily set in place by employers who have developed employee privacy codes or have
 privacy rights because they have a collective agreement in place.
          </p>
          <p>
           Employers should also be aware that egregious violations of privacy may open them up to
 civil damages, including class action lawsuits. Legislatures and the courts are recognizing
 privacy rights and providing opportunities for civil remedies.
          </p>
          <p>
           In drawing up its legislation for the protection of personal information, the Canadian
 government based its privacy provisions on a set of guidelines that had been developed by
 the Canadian Standards Association in its Model Code for the Protection of Personal
@@ -2075,39 +2087,119 @@ Information.
 developed with input from organizations, governments, consumer associations and other
 privacy stakeholders. They are incorporated in Federal private sector privacy legislation and
 have become the generally accepted framework for evaluating privacy processes and systems
-in Canada2.
+in Canada.
           </p>
           <section id="principle-1-accountability">
            <h5>
             Principle 1. Accountability
             <a class="headerlink" href="#principle-1-accountability" title="Link to this heading">
              &para;
             </a>
            </h5>
            <p>
             An organization is responsible for personal information under its control and shall designate
 an individual or individuals to be accountable for the organization&rsquo;s compliance with the
 following principles.
            </p>
           </section>
           <section id="principle-2-identifying-purposes">
            <h5>
             Principle 2. Identifying Purposes
             <a class="headerlink" href="#principle-2-identifying-purposes" title="Link to this heading">
              &para;
             </a>
            </h5>
            <p>
             The purposes for which personal information is collected shall be identified by the
 organization at or before the time the information is collected.
            </p>
           </section>
           <section id="principle-3-consent">
            <h5>
             Principle 3. Consent
             <a class="headerlink" href="#principle-3-consent" title="Link to this heading">
              &para;
             </a>
            </h5>
            <p>
             The knowledge and consent of the individual are required for the collection, use, or
 disclosure of personal information, except where inappropriate. Note: In certain
 circumstances, personal information can be collected, used, or disclosed without the
 knowledge and consent of the individual. For example, legal, medical, or security reasons
 may make it impossible or impractical to seek consent.
            </p>
           </section>
           <section id="principle-4-limiting-collection">
            <h5>
             Principle 4. Limiting Collection
             <a class="headerlink" href="#principle-4-limiting-collection" title="Link to this heading">
              &para;
             </a>
            </h5>
            <p>
             The collection of personal information shall be limited to that which is necessary for the
 purposes identified by the organization. Information shall be collected by fair and lawful
 means.
            </p>
           </section>
           <section id="principle-5-limiting-use-disclosure-and-retention">
            <h5>
             Principle 5. Limiting Use, Disclosure, and Retention
             <a class="headerlink" href="#principle-5-limiting-use-disclosure-and-retention" title="Link to this heading">
              &para;
             </a>
            </h5>
            <p>
             Personal information shall not be used or disclosed for purposes other than those for which it
 was collected, except with the consent of the individual or as required by law. Personal
 information shall be retained only as long as is necessary for the fulfillment of those
 purposes.
            </p>
           </section>
           <section id="principle-6-accuracy">
            <h5>
             Principle 6. Accuracy
             <a class="headerlink" href="#principle-6-accuracy" title="Link to this heading">
              &para;
             </a>
            </h5>
            <p>
             Personal information shall be as accurate, complete, and up-to-date as is necessary for the
 purposes for which it is to be used.
            </p>
           </section>
           <section id="principle-7-safeguards">
            <h5>
             Principle 7. Safeguards
             <a class="headerlink" href="#principle-7-safeguards" title="Link to this heading">
              &para;
             </a>
            </h5>
            <p>
             Personal information shall be protected by security safeguards appropriate to the sensitivity
 of the information.
            </p>
           </section>
           <section id="principle-8-openness">
            <h5>
             Principle 8. Openness
             <a class="headerlink" href="#principle-8-openness" title="Link to this heading">
              &para;
             </a>
            </h5>
            <p>
             An organization shall make readily available to individuals specific information about its
 policies and practices relating to the management of personal information.
            </p>
           </section>
           <section id="principle-9-individual-access">
            <h5>
             Principle 9. Individual Access
             <a class="headerlink" href="#principle-9-individual-access" title="Link to this heading">
              &para;
             </a>
            </h5>
            <p>
             Upon request, an individual shall be informed of the existence, use and disclosure of his or
 her personal information and shall be given access to that information. An individual shall be
 able to challenge the accuracy and completeness of the information and have it amended as
@@ -2119,6 +2211,7 @@ provide, information that contains references to other individuals, information
 disclosed for legal, security, or commercial proprietary reasons, and information that is
 subject to solicitor-client or litigation privilege.
            </p>
           </section>
           <section id="principle-10-challenging-compliance">
            <h5>
             Principle 10. Challenging Compliance
@@ -2133,10 +2226,10 @@ compliance.
            </p>
           </section>
          </section>
-          <section id="the-personal-information-protection-and-electronic-documents-act-pipeda">
+          <section id="pipeda">
           <h4>
-            The Personal Information Protection and Electronic Documents Act (PIPEDA)
+            PIPEDA
-            <a class="headerlink" href="#the-personal-information-protection-and-electronic-documents-act-pipeda" title="Link to this heading">
+            <a class="headerlink" href="#pipeda" title="Link to this heading">
             &para;
            </a>
           </h4>
@@ -2183,17 +2276,21 @@ person where the information is necessary for the creation, maintenance, and ter
 the employment relationship. It is, however, the case that the employer will provide notice to
 the employee so that they are knowledgeable with respect to the information that the
 employer collects, uses, and discloses.
            </p>
            <p>
             This notice should be provided to prospective employees as part of the recruitment process
 and also as part of the on-boarding process. In addition, if there are changes to personal data
 practices for employee information, employees should be informed about such changes in a
 timely manner.
            </p>
           </div>
-           <p>
+           <section id="consent">
-            <strong>
+            <h5>
             Consent
-            </strong>
+             <a class="headerlink" href="#consent" title="Link to this heading">
-           </p>
+              &para;
             </a>
            </h5>
            <p>
             According to PIPEDA, employers must obtain an employee&rsquo;s consent before they collect
 personal information where that information is not required for the employment relationship.
@@ -2235,11 +2332,14 @@ privacy legislation that applies to their employees and to have the necessary pr
 place to comply with the legislation. If an employee chooses not to disclose the information
 and is not required to do so by law, an employer cannot force an employee to divulge it.
            </p>
-           <p>
+           </section>
-            <strong>
+           <section id="exceptions-to-consent-requirement">
            <h5>
             Exceptions to Consent Requirement
-            </strong>
+             <a class="headerlink" href="#exceptions-to-consent-requirement" title="Link to this heading">
-           </p>
+              &para;
             </a>
            </h5>
            <p>
             Subparagraph 7(3) of the Personal Information Protection and Electronic Documents Act
 (Bill C6) allows an employer to disclose personal information without the knowledge or
@@ -2265,8 +2365,15 @@ individual; and
 (b) the federal work, undertaking or business has informed the individual that the personal
 information will be or may be collected, used or disclosed for those purposes&rdquo;.
            </p>
-           <p>
+           </section>
           <section id="use-and-storage-of-personal-information">
            <h5>
             Use and Storage of Personal Information
             <a class="headerlink" href="#use-and-storage-of-personal-information" title="Link to this heading">
              &para;
             </a>
            </h5>
            <p>
             According to PIPEDA, organizations can only use information for the purpose for which it
 was collected. Employers must fully disclose in writing to the employee the reasons why
 they require the information, as well as what will be done with it.
@@ -2284,8 +2391,15 @@ accommodate an employee for religious days and holidays, an employer needs to kn
 the employee&rsquo;s religious beliefs. To seek out this type of information for any other reason
 invades the individual&rsquo;s right to privacy.
            </p>
-           <p>
+           </section>
           <section id="limitations-on-use-the-social-insurance-number-example">
            <h5>
             Limitations on Use - the Social Insurance Number example
             <a class="headerlink" href="#limitations-on-use-the-social-insurance-number-example" title="Link to this heading">
              &para;
             </a>
            </h5>
            <p>
             The purpose of a social insurance number (SIN) is to identify an individual for specific
 government programs. This information may not be collected, stored, used or disclosed for
 any other purpose without the employee&rsquo;s consent. Where the SIN is to be used for purposes
@@ -2310,6 +2424,7 @@ agencies mentioned above, unless the employee provides written consent to do so.
            </p>
           </section>
          </section>
         </section>
         <section id="pension-benefits-standards-act">
          <h3>
           Pension Benefits Standards Act