PDF Print E-mail

PIPEDA (Canada)

Who is required to comply?
All Canadian companies and those who do business with said companies.

What is it?

Personal Information Protection and Electronic Documents Act, or PIPEDA as it is commonly referred to, is a Canadian law enacted in January 2004. The Act protects personal information in Canadian companies and organizations, and provides guidelines for the use and release of that information.

What are the requirements?

PIPEDA mandates that any personal information which is collected by a company must be done so with consent and used alone for the reason in which it was initially collected. Records, largely email correspondence, must be stored securely. Security must include password access and limited personnel access. Electronic email records must be retained for the entire course of business in which that information relates to, both currently and at any possible time in the future, when that information may be required.

What is the cost of non-compliance?

Heavy fines, court costs and loss of corporate reputation.

What is the significance of PIPEDA?

PIPEDA safeguards personal information that may have been exchanged during the course of business. The act provides accountability and security to this sensitive data by restricting its access and providing security measures around it.