The Privacy Suite for WordPress

What is PIPEDA?

Get compliant today in the European Union, United States, Canada, United Kingdom, Australia, Brazil & South Africa with the only Privacy Suite for WordPress that offers a fully-featured plugin for Worldwide Compliance.

Share on facebook
Share on twitter
Share on linkedin

On June 18, 2015, the Digital Privacy Act received Royal Assent. The Act introduced a number of amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA), most of which are now in force.

The Personal Information Protection and Electronic Documents Act (PIPEDA) is the federal Canadian privacy law for private-sector organizations. It sets out the ground rules for how businesses must handle personal information in the course of their commercial activity.

The law defines a commercial activity as any particular transaction, act, or conduct, or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists.

There are a number of requirements to comply with the law. Organizations covered by PIPEDA must generally obtain an individual’s consent when they collect, use or disclose that individual’s personal information. People have the right to access their personal information held by an organization. They also have the right to challenge its accuracy.

Personal information can only be used for the purposes for which it was collected. If an organization is going to use it for another purpose, they must obtain consent again. Personal information must be protected by appropriate safeguards.

Related acts

Several provincial laws have been deemed substantially similar to the PIPEDA. Under paragraph 26(2)(b), the Governor in Council can exempt an organization or class of organizations, an activity or a class of activities from PIPEDA if the collection, use or disclosure of personal information occurs within a province that has legislation that has been deemed substantially similar to the PIPEDA. This means that wherever the substantially similar provincial law applies, that law applies instead of PIPEDA.

Not covered by PIPEDA

There are some instances where PIPEDA does not apply. Some examples include:

  • Personal information handled by federal government organizations listed under the Privacy Act
  • Provincial or territorial governments and their agents
  • Business contact information such as an employee’s name, title, business address, telephone number or email addresses that is collected, used or disclosed solely for the purpose of communicating with that person in relation to their employment or profession
  • An individual’s collection, use or disclosure of personal information strictly for personal purposes (e.g. personal greeting card list)
  • An organization’s collection, use or disclosure of personal information solely for journalistic, artistic or literary purposes

Unless they are engaging in commercial activities that are not central to their mandate and involve personal information, PIPEDA does not generally apply to:

Municipalities, universities, schools, and hospitals are generally covered by provincial laws. PIPEDA may apply in certain situations.

Complianz can help you with PIPEDA and CASL.

The Privacy Suite for WordPress
Get compliant today with the only Privacy Suite made for WordPress
Dr. Mathieu Paapst LLM cipm

Dr. Mathieu Paapst LLM cipm

Expert IT and Privacy Law

Related articles

Join our mailing list - 8 Tips & Tricks in your inbox over the next 8 weeks!