ePACT’s Privacy & Security Compliance

Government regulations, industry licensing, and organizational mandates for data collection, privacy, and security impact many community organizations, like youth recreation programs, sports associations, and schools. Maintaining the privacy and security of our users’ and clients’ data is ePACT’s top priority. ePACT meets, or exceeds, legislative privacy requirements for the US and Canada, uses the highest level of data encryption to keep data safe, and is compliant with the following privacy and security legislation:

Service Organization Control 2 (SOC2)

SOC2 is an auditing procedure that reports on organizational controls related to security, availability, processing integrity, confidentiality, and privacy when managing customer data. ePACT’s SOC2 certification is issued in accordance with the Attest Standards issued by the American Institute of CPAs (AICPA).

Freedom of Information & Protection of Privacy Act (FOIPPA) – Canada
Personal Information Protection & Electronic Documents Act (PIPEDA) – Canada

FOIPPA is provincial legislation that regulates the collection, storage, and use of personal information by public bodies, and PIPEDA is the federal privacy law for private-sector organizations that sets ground rules for how businesses must handle personal information during commercial activity. ePACT’s FOIPPA/PIPEDA compliance has been audited by Hooper Access & Privacy, demonstrating that ePACT protects personal privacy by prohibiting the unauthorized collection, use, disclosure, access, or storage of personal information.

Privacy Impact Assessment (PIA)

A Privacy Impact Assessment is conducted by organizations with access to sensitive, private data about individuals in, or flowing through, their systems. ePACT has worked with consultants to complete a privacy impact assessment addressing the use of ePACT in a municipal setting (Parks & Recreation and Emergency Management). The PIA, which follows the standard British Columbia FOIPPA Template, can be used by organizations in assessing the privacy implications of ePACT, and also meets the requirements of BC Public Sector organizations required to complete their own PIA.

Higher Education Cloud Vendor Assessment – United States

This checklist is issued by the US Higher Education Information Security Council to ensure that cloud services are appropriately assessed for managing the risks to the confidentiality, integrity, and availability of sensitive institutional information and the personally identifiable information of constituents. ePACT’s Cloud Vendor Assessment was completed in accordance with the University of California, following standards set and used by all US university institutions.