PIPEDA (Personal Information Protection and Electronic Documents Act) compliance
PIPEDA principles applying to mobile data
Principle 7: Safeguards
Principle 7 outlines the obligation for organizations to protect personal information with appropriate security measures against loss, theft, unauthorized access, disclosure, copying, use, or modification. Organizations developing mobile apps or handling personal data on mobile devices must implement reasonable safeguards to secure that information.
How to comply
To comply with PIPEDA, organizations must protect all devices, applications, and environments where customer data is stored or accessed, including mobile endpoints.
For mobile applications, this means ensuring that apps handle data securely and correcting risky behaviors and vulnerabilities through Static Application Security Testing and Compliance Audits.
For a mobile device fleet, this means enforcing threat detection and response through a Mobile Threat Defense solution, which protects smartphones and tablets from malware, phishing, and network exploits that can lead to personal data theft or leakage.