A Summary of The Personal Information Protection and Electronic Documents Act


The Personal Information Protection and Electronic Documents Act (PIPEDA) is a new law. It governs information held by private sector organizations, and deal with information collection, use and disclosure. It incorporates, as a schedule, the 10 Fair Information Practices, and creates an oversight and enforcement mechanism using the Federal Privacy Commissioner and the Federal Court.

What This Act Is Designed to Do

PIPEDA is designed to help protect the privacy of consumers in Canada. It does this by setting limits on - and rules for - the collection, use and disclosure of personal information collected in the course of commercial activities.

And it does so in a very simply way. It simply states that every organization that collects information must comply with the 10 Fair Information Practices set out in the Canadian Standards Association's Model Code.

In a nutshell, that means the information must be:
• gathered with your consent
• collected for a reasonable purpose
• used for the limited purposes for which it was gathered
• accurate
• open for your inspection and correction stored securely

What This Act Doesn't Apply To

PIPEDA is directed at fostering consumer confidence in commercial transactions and meeting the requirements of the European Union's Data Directive rather than creating an overall privacy protection scheme. As such, it does not apply to:
• any government institution to which the Privacy Act applies
• any individual in respect of personal information that the individual collects, uses or discloses for personal or domestic purposes and does not collect, use or disclose for any other purpose
• personal information collected used or discloses for journalistic, artistic or literary purposes and does not collect, use or disclose for any other purpose
• non-commercial information gathering activities

Some Important Exceptions Dealing With Your Personal Information

The following exceptions are set out in PIPEDA:

In a commercial context, personal information may be gathered without the knowledge or consent of an individual if:
• the collection is clearly in the interests of the individual and consent cannot be obtained in a timely way
• it is reasonable to expect that the collection with the knowledge or consent of the individual would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province; or
• the collection is solely for journalistic, artistic or literary purposes; or the information is publicly available and is specified by the regulations.
An organization may disclose personal information without the knowledge or consent of the individual only if the disclosure is:
• made to an advocate or notary (Quebec) or a barrister or solicitor (all other provinces) representing the organization
• for the purpose of collecting a debt owed by the individual to the organization
• required to comply with a subpoena or warrant issued or an order made by a court, person or body with jurisdiction to compel the production of information, or to comply with rules of court relating to the production of records
• made on the initiative of the organization to an investigative body and the information relates to an offence under the laws of Canada or a province that has been or is about to be committed, or to activities suspected of constituting threats to the security of Canada
• for statistical, or scholarly study or research, purposes that cannot be achieved without disclosing the information, it is impracticable to obtain consent and the organization informs the Privacy Commissioner of the disclosure before the information is disclosed.

Implementation Schedule

Phase 1
Beginning January 1, 2001, the law applies to:

• Federal works, undertakings or businesses, such as banks, telecommunications companies, airlines, railways and inter provincial trucking companies, and to the employee records in those organizations;
• Personal information disclosed across borders for consideration (e.g., the sale or lease of lists).

Phase 2
Beginning January 1, 2002, the law applies to:

• Personal health information collected, used or disclosed by organizations described under phase one of the law.

Phase 3
Beginning January 1, 2004, the law applies to:

• The collection, use and disclosure of personal information by any organization in the course of commercial activity within a province;
• All personal information in all inter provincial and international transactions by all organizations subject to the Act in the course of commercial activities.

The federal government may exempt organizations and/or activities in provinces that have adopted substantially similar legislation.

That means, beginning January 1, 2004, the privacy rights of all Canadians will be protected in one of two ways:

1. by the federal act, or;
2. by a provincial act that is substantially similar to the federal law.

[I think I Can] [Maslow Vs. Messer] [PIPEDA] [Prime Minister's Task Force] [2nd Chance]

[Home] [ What is ConnectUs] [Media Room]
[ConnectUs Advantage!]
[Testimonials] [ Contact Us]

ConnectUs Communications Canada
379A Kerr St., Oakville
ON L6K 3B9
Phone: (905) 337-9578

Web Site Design by InterDream Designs