Personal Information Protection and Electronic Documents Act (PIPEDA)


As of January 1st, 2004, all Canadian companies need to comply with PIPEDA: Personal Information Protection and Electronic Documents Act. The Act requires all Canadian companies to protect personal data.

For more information on PIPEDA, visit:
http://www.privcom.gc.ca/legislation/02_06_01_e.asp

General Overview

It comes as no surprise that many Canadians are concerned with the protection of their personal information in light of the growing shift towards e-commerce and the ability to easily create extensive data warehouses, where information may be transmitted across the country with the click of a button. Individuals are concerned, and rightly so, about the protection of their personal, health, and financial information from unintended collection, use and disclosure.

Since January 1, 2004, all private sector organizations collecting, using and disclosing personal information of third persons, such as customers and suppliers, in the course of their commercial activities are subject to the Federal Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA also applies to all personal information used and disclosed in all interprovincial and international transactions by all organizations subject to PIPEDA in the course of their commercial activities. Personal information of employees in the possession of employers, however, is to be regulated by provincial laws.

“Personal Information” has been interpreted to include any factual or subjective information, recorded or not, about an identifiable individual. This includes information in any form such as:


  • age, name, ID numbers, income, ethnic origin, or blood type
  • opinions, evaluations, comments, social status, or disciplinary actions
  • employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs)

However, there is an exception for the type of information typically found on a business card. Information such as name, title, business address, and business telephone number of an employee is exempt and does not require special protection under PIPEDA. There are also other limited exceptions, which include medical emergencies, law enforcement and certain types of information currently available to the public.

PIPEDA implements the Canadian Standards Model Code for the Protection of Personal Information as part of future business practices. These 10 Privacy Principles, listed below, will guide future practices involving personal information.

1. Accountability
2. Identifying Purposes
3. Consent
4. Limiting Collection
5. Limiting use, disclosure and retention
6. Accuracy
7. Safeguards
8. Openness
9. Individual Access
10. Provide Recourse/Challenge Compliance


This legislation, and related provincial laws, affect business in several ways, one of the most notable being the requirement to obtain an individual’s consent when personal information is collected, used or disclosed. However, there are several acceptable forms of consent ranging from express written consent to implied consent to negative option consent, in which no response is deemed to be consent.

Further, personal information may only be used for the purpose for which it was collected. If information is to be used for another purpose, consent must be obtained for the new purpose. An individual has a right to access personal information held about them and to challenge its accuracy, if need be. Steps must also be taken to ensure personal information is safeguarded, which may require locked cabinets, computer passwords, encryption and privacy computer monitor filters.

Undoubtedly there are organizational benefits to be gained by observing the privacy principles and fair information practices set out in PIPEDA. A strong privacy policy supported by sound privacy procedures and a knowledgeable workforce will go far in strengthening consumer, as well as employee, confidence.
