In this guidance note, we describe the qualifications and duties of Privacy Officers and direct organisations and individuals to links with additional resources.
The Personal Information Protection Act (PIPA), section 5, "Responsibility and compliance" contains the following requirements:
(4) An organisation shall designate a representative (“privacy officer”) for the purposes of compliance with this Act who will have primary responsibility for communicating with the Commissioner.
(5) A group of organisations under common ownership or control, may appoint a single privacy officer provided that a privacy officer is accessible from each organisation.
(6) A privacy officer designated under subsection (4) may delegate his duties to one or more individuals.
(7) In meeting its responsibilities under this Act, an organisation shall act in a reasonable manner.
These provisions contain some flexibility, which can be useful since every organisation is different.