PIPEDA or S.C.2000, c.5 the Personal Information Protection and Electronic Documents Act
Details about the PIPEDA
The bill has been in effect since January 1, 2021.
PIPEDA regulates how the private sector handles personal data. According to the OPC, PIPEDA defines personal data as subjective information about an identifiable individual “in any form", such as:
- age, name, ID numbers, income, ethnic origin, or blood type;
- opinions, evaluations, comments, social status, or disciplinary actions; and
- employee files, credit records, loan records, medical records, the existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs).”
In order for a business to be PIPEDA compliant, it must always get the individual’s consent before collecting their personal data and that data can only be used for the sole purpose it was collected for. A new consent is needed if the data is about to be disclosed and used in any other way than was previously approved by the individual. People are entitled to access their data at any time and challenge its accuracy.