Compliance with Act
11.—(1)  In meeting its responsibilities under this Act, an organisation shall consider what a reasonable person would consider appropriate in the circumstances.
(2)  An organisation is responsible for personal data in its possession or under its control.
(3)  An organisation shall designate one or more individuals to be responsible for ensuring that the organisation complies with this Act.
(4)  An individual designated under subsection (3) may delegate to another individual the responsibility conferred by that designation.
(5)  An organisation shall make available to the public the business contact information of at least one of the individuals designated under subsection (3) or delegated under subsection (4).
(6)  The designation of an individual by an organisation under subsection (3) shall not relieve the organisation of any of its obligations under this Act.
Policies and practices
12.  An organisation shall —
(a)develop and implement policies and practices that are necessary for the organisation to meet the obligations of the organisation under this Act;
(b)develop a process to receive and respond to complaints that may arise with respect to the application of this Act;
(c)communicate to its staff information about the organisation’s policies and practices referred to in paragraph (a); and
(d)make information available on request about —
(i)the policies and practices referred to in paragraph (a); and
(ii)the complaint process referred to in paragraph (b).