Personal Information Protection and Electronic Documents Act (PIPEDA)

 

This Canadian law establishes a right to the protection of personal information collected, used or disclosed in the course of commercial activities, in connection with the operation of a governmental work, undertaking, business whether internal to Canada or internationally.

 

PIPEDA establishes the following principles to govern the collection, use and disclosure of personal information:

 

(a)            accountability,

(b)           identifying the purposes for the collection of personal information,

(c)            obtaining consent,

(d)           limiting collection,

(e)            limiting use,

(f)             disclosure and retention,

(g)            ensuring accuracy,

(h)            providing adequate security,

(i)              making information management policies readily available,

(j)             providing individuals with access to information about themselves,

(k)           and giving individuals a right to challenge an organization's compliance with these principles.

 

A Privacy Commissioner has been created to receive complaints concerning violations of the principles, conduct investigations and attempt to resolve such complaints. Unresolved disputes relating to certain matters can be taken to the Canadian courts for resolution.

 

PIPEDA establishes a legislative scheme by which requirements in Canadian laws and regulations that contemplate the use of paper or do not expressly permit the use of electronic technology may be administered or complied with in the electronic environment.  Appropriate authorities are authorized to make regulations about how those requirements may be satisfied using electronic means.  In addition, the characteristics of secure electronic signatures are defined and described and grants authority to make regulations prescribing technologies or processes for the purpose of the definition "secure electronic signature".