Bob Milliken
Bob Milliken

In Canada, the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”) sets out ground rules for how private sector organizations may collect, use and disclose personal information in the course of commercial activities.
Regardless of the size of your business (from the world’s largest corporations to small Internet stores), compliance with PIPEDA is vital for all merchants who accept credit cards, online or offline, because nothing is more important than keeping your customer’s payment card data secure.
If your company is not fully compliant your business could be at could be at serious risk. Fines for non-compliance can be hefty and you can be sure that the courts will not favour you if you have not been compliant.
Avoid these 5 mistakes to keep your company out of hot water:

1. Storing Cardholder Data in Noncompliant Programs

Data breaches laws are working their way through Canada – Alberta, British Columbia and Québec have each enacted comprehensive private-sector privacy legislation. Storing data in non-compliant programs is one sure way to get you in hot water in the event of a data breach.

2. Fibbing On The Self-Assessment Questionnaire

If you have considered tampering with the reports from your company’s Approved Scanning Vendor, think again. Time invested now to fix any holes in your data security system could save you big-time from the penalties your company could suffer if there’s ever a data breach.
The same thing applies to simply “fudging the truth” on self-prepared compliance reports. Even if you think it’s a harmless stretch of the truth, don’t do it.

3. Not Using The Right Qualified Security Assessor

Using a Qualified Security Assessor to help your company maintain compliance is a good idea, but it’s important to select someone who both understands your business and stays up-to-date on the latest version of the standards and the legislation.

4.Trying To Resolve Data Compromises Under The Radar

You may be tempted to fix a customer’s complaint yourself if they inform you of a data compromise. Not informing credit card companies of data breaches, however small, can lead to you no longer having access to their services. Those credit card companies can then file suit against your company, a costly exercise you want to avoid.

5. Not Checking ID For Point-Of-Sale Credit Card Use

Sometimes it seems like no one checks IDs against the credit cards being used, so merchants tend to be lax about doing so. Unfortunately, running just one unauthorized credit card could cost you a lot in the long run.

Let us help! It pays to pay attention to the need for compliance – a little time invested today could save you a lot of hassle tomorrow. Turn to online payment processing services like PayFirma and accept credit cards and all forms of payments. Anytime. Anywhere.

Bob Milliken is the president of Cascadia Systems Group. Connect with Bob at, or give us a call – 604.270.1730. Your comments are appreciated –