What is a Personal Information Protection and Electronic Documents Act (PIPEDA, Canada)?

The Personal Information Protection and Electronic Documents Act (PIPEDA) is the federal privacy law for private-sector organizations in Canada. The act originally went into law on April 13, 2000 to foster trust in electronic commerce but has expanded since to include industries like banking, broadcasting, and the health sector. The purpose of the law – per legislation – is to “govern the collection, use and disclosure of personal information in a manner that recognizes the right of privacy of individuals with respect to their personal information and the need of organizations to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances.

Applicability

Any private enterprise in Canada that collects personal information during the course of commercial activity is subject to PIPEDA. Canada’s Office of the Privacy Commissioner has a helpful tool organization can use to determine what organization to contact if they have a privacy issue. It also has a fact sheet on privacy legislation designed to assist enterprises as well.

Objective

  • It applies to federal works, undertakings or businesses (FWUBs).
  • It applies to the collection, use and disclosure of personal information in the course of a commercial activity and across borders. PIPEDA also applies within provinces without substantially similar private sector privacy legislation.
  • It applies to employee information only in connection with a FWUB.
  • The provincial PIPAs apply to provincially regulated private sector organizations.
  • Employee information held by provincially-regulated organizations in Alberta and B.C. is covered by the provincial PIPAs.

Approach

Our approach is mentioned below: 

Phase 1: Governance & Planning
Phase 2: Gap Analysis
Phase 3: Implementation 
Phase 4: Privacy Compliance, Risk Management Framework & Audit 

    Why CyberSRC®?

    Established in January 2018, CyberSRC® Consultancy offers the full machination of cyber security services ranging from threat intelligence, VMS to general advisory services in areas pertaining to Cyber security such as vulnerability attacks, compliance, and cyber security regulations, and laws. We are into system audits such as ISNP Audits, NBFC Audits, UCB Audits, PPI Audits, and SEBI Audits. We provide our solutions with better accountability. We are a certified assurance firm. We are an ISO 27001 certified organization, backed by a very diverse and dynamic team.