Skip to content

Instantly share code, notes, and snippets.

@cuducos
Created July 28, 2022 21:05
Show Gist options
  • Save cuducos/70d4fc5c64a7a385e8fb213d26c8bfe0 to your computer and use it in GitHub Desktop.
Save cuducos/70d4fc5c64a7a385e8fb213d26c8bfe0 to your computer and use it in GitHub Desktop.
PIPEDA email

Dear,

I just received an email from {COMPANY_NAME} with the subject “{EMAIL_SUBJECT}.” As far as I am aware, I have not created an account, subscribed, shared my PII data, or consented to this commercial message, thus I consider it spam. Since it looks like you are definitely handling my PII data and actively processing it, as a resident of Canada, under my rights according to PIPEDA, I request:

  1. What is the Privacy Office within {COMPANY_NAME} in charge of ensuring compliance with Canada's data protection law?
  2. How my PII was collected?
  3. I see you have already collected my email address, but I don't see where I have consented to the collection of such personal information; can you clarify how you got my consent for processing my personal data?
  4. What are the measures {COMPANY_NAME} takes to ensure security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, or use of my personal information?
  5. Can I have a copy of all personally identifiable information {COMPANY_NAME} has on me?
  6. Can I have any personally identifiable data permanently deleted from {COMPANY_NAME} databases?

Please, address each question separately, referring to the numbering, to ensure clarification of all these points — again, as enforced by PIPEDA.

Best regards,

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment