Section 11

In meeting its responsibilities under this Act, an organisation must consider what a reasonable person would consider appropriate in the circumstances.

An organisation is responsible for personal data in its possession or under its control.

An organisation must designate one or more individuals to be responsible for ensuring that the organisation complies with this Act.

An individual designated under subsection (3) may delegate to another individual the responsibility conferred by that designation.

An organisation must make available to the public the business contact information of at least one of the individuals designated under subsection (3) or delegated under subsection (4).

Without limiting subsection (5), an organisation is deemed to have satisfied that subsection if the organisation makes available the business contact information of any individual mentioned in subsection (3) in any prescribed manner.

The designation of an individual by an organisation under subsection (3) does not relieve the organisation of any of its obligations under this Act.