PIPEDA: Personal Information Act, Canada

Official Name

PIPEDA or S.C.2000, c.5 the Personal Information Protection and Electronic Documents Act

Details About the PIPEDA

The bill has been in effect since January 1, 2021. 

PIPEDA regulates how the private sector handles personal data. According to the OPC, PIPEDA defines personal data as subjective information about an identifiable individual “in any form", such as:

  • age, name, ID numbers, income, ethnic origin, or blood type;
  • opinions, evaluations, comments, social status, or disciplinary actions; and
  • employee files, credit records, loan records, medical records, the existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs).”

In order for a business to be PIPEDA compliant, it must always get the individual’s consent before collecting their personal data and that data can only be used for the sole purpose it was collected for. A new consent is needed if the data is about to be disclosed and used in any other way than was previously approved by the individual. People are entitled to access their data at any time and challenge its accuracy. 

Resources About the PIPEDA:

  • Official legislation here 
  • Article on our blog here
  • A legal perspective here 
up-arrow.svg