Who oversees privacy at your organization? Every entity in Canada is governed by at least one set of legislation concerning privacy and confidentiality. Step one would be finding out which Acts apply to you?
If PIPEDA applies to you there must be a privacy officer. That is one of the requirements under the Act. Depending on the size of the organization a privacy officer could be a full-time position or even the head of a department.
The role of the privacy officer is to assist in developing policies and procedures to make sure the organization is compliant with all the rules. The privacy officer also sets up training on the rules and monitors compliance. In the event of a complaint, it is the privacy officer who takes the complaint and does the initial investigation. A goal of the privacy officer would be to resolve the complaint internally.
No matter the size of your organization, someone has to accept the responsibility for ensuring the organization is compliant with all the applicable privacy legislation.