Is Sumac PIPEDA compliant?

General

Sumac supports all the technical requirements an organization needs in order to comply with the PIPEDA or PHIPA standards.

Details

The basic things that Sumac does to comply with PIPEDA/PHIPA are:

a. require passwords and user profiles that restrict visibility of the data to authorized users

b. encrypt connections between Sumac and the database

c. provide mechanisms for updating information in the database

d. log access to the information in the database

e. do all of the above securely (the level of security required for Sumac's PA-DSS certification exceeds what the PIPEDA/PHIPA standards require)

In the case of PIPEDA and PHIPA, most of the requirements are imposed on the organization (i.e. the organization using Sumac), not on the Sumac software itself. A Sumac user who leaves print-outs of medical history lying around on their desk is not complying with PIPEDA and PHIPA (unless access to their desk is controlled), even though the Sumac software enables them to comply.