Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
Personal Information Protection and Electronic Documents Act
open-in-new
<h2 id="overview">Overview</h2> <p>"Personal Information", as specified in PIPEDA, is as follows: information about an identifiable individual, but does not include the name, title or business address, or telephone number of an employee of an organization. </p><p>The <i>Act</i> gives individuals the right to </p> <ul><li>know why an organization collects, uses, or discloses their <a href="/facts/Personal_data/384PbBg5">personal information</a>;</li> <li>expect an organization to collect, use or disclose their personal information reasonably and appropriately, and not use the information for any purpose other than that to which they have consented;</li> <li>know who in the organization is responsible for protecting their personal information;</li> <li>expect an organization to protect their personal information by taking appropriate security measures;</li> <li>expect the personal information an organization holds about them to be accurate, complete, and up-to-date;</li> <li>obtain access to their personal information and ask for corrections if necessary; and</li> <li>complain about how an organization handles their personal information if they feel their privacy rights have not been respected.</li></ul> <p>The <i>Act</i> requires organizations to </p> <ul><li>obtain consent when they collect, use, or disclose their personal information;</li> <li>supply an individual with a product or a service even if they refuse consent for the collection, use, or disclosure of your personal information unless that information is essential to the transaction;</li> <li>collect information by fair and lawful means; and</li> <li>have personal information policies that are clear, understandable, and readily available.</li></ul> <h2 id="implementation">Implementation</h2> <p>The implementation of PIPEDA occurred in three stages.<a class="footnote-ref" id="fnref:6" href="#fn:6"><sup>6</sup></a> Starting in 2001, the law applied to federally regulated industries (such as <a href="/facts/Airline/CEwakbf5">airlines</a>, <a href="/facts/Bank/XDA9aGge">banking</a> and <a href="/facts/Broadcasting/AV1f3dGy">broadcasting</a>). In 2002, the law was expanded to include the health sector. Finally in 2004, any organization that collects personal information in the course of commercial activity was covered by PIPEDA, except in provinces that have "substantially similar"<a class="footnote-ref" id="fnref:7" href="#fn:7"><sup>7</sup></a> privacy laws. As of October 2018, seven provinces have privacy laws that have been declared by the federal Governor in Council to be substantially similar to PIPEDA:<a class="footnote-ref" id="fnref:8" href="#fn:8"><sup>8</sup></a> </p> <ul><li><i>An Act Respecting the Protection of Personal Information in the Private Sector</i> (Quebec)<a class="footnote-ref" id="fnref:9" href="#fn:9"><sup>9</sup></a></li> <li><i>The Personal Information Protection Act</i> (British Columbia)<a class="footnote-ref" id="fnref:10" href="#fn:10"><sup>10</sup></a></li> <li><i>The Personal Information Protection Act</i> (Alberta)<a class="footnote-ref" id="fnref:11" href="#fn:11"><sup>11</sup></a></li> <li><i>The Personal Health Information Protection Act</i> (Ontario), "with respect to health information custodians"</li> <li><i>The Personal Health Information Privacy and Access Act</i> (New Brunswick),<a class="footnote-ref" id="fnref:12" href="#fn:12"><sup>12</sup></a> "with respect to personal health information custodians"</li> <li><i>The Personal Health Information Act</i> (Newfoundland and Labrador),<a class="footnote-ref" id="fnref:13" href="#fn:13"><sup>13</sup></a> "with respect to health information custodians"</li> <li><i>The Personal Health Information Act</i> (Nova Scotia), "with respect to health information custodians"</li> <li><i>Memorandum of Understanding</i><a class="footnote-ref" id="fnref:14" href="#fn:14"><sup>14</sup></a></li></ul> <h3><i>Personal Information Protection Act</i> (British Columbia)</h3> <p>Notable provisions of PIPA:<a class="footnote-ref" id="fnref:15" href="#fn:15"><sup>15</sup></a> </p> <ul><li>Consent must be garnered for the collection of personal information</li> <li>Collection of personal information limited to reasonable purposes</li> <li>Limits use and disclosure of personal information</li> <li>Limits access to personal information</li> <li>Stored personal information must be accurate and complete</li> <li>Designates the role of the Privacy Officer</li> <li>Policies and procedures for breaches of privacy</li> <li>Measures for resolution of complaints</li> <li>Special rules for employment relationships</li></ul> <h3><i>Personal Health Information Protection Act</i> (Ontario)</h3> <p class="note">Main article: <a href="/facts/Personal_Health_Information_Protection_Act/UympQf4w">Personal Health Information Protection Act</a></p> <p>The <i>Personal Health Information Protection Act</i>, known by its acronym PHIPA (typically pronounced 'pee-hip-ah'), established in 2004, outlines privacy regulations for health information custodians in <a href="/facts/Ontario/HUkxk5Rf">Ontario</a>, Canada. Breaches of PHIPA are directed to the Ontario Information and Privacy Commissioner.<a class="footnote-ref" id="fnref:16" href="#fn:16"><sup>16</sup></a> </p><p>The <i>Personal Health Information Protection Act</i> serves three important functions: </p> <ul><li>To govern the collection, use, and disclosure of personal health information by health information custodians.</li> <li>To provide patients with a right to request access to and correction of their records of personal health information held by health information custodians.</li> <li>To impose administrative requirements (regulations) on custodians with respect to records of personal health information.</li></ul> <h2 id="amendment">Amendment</h2> <p>On June 18, 2015, the <i>Digital Privacy Act</i> (Senate Bill S-4<a class="footnote-ref" id="fnref:17" href="#fn:17"><sup>17</sup></a>) became law, amending the PIPEDA<a class="footnote-ref" id="fnref:18" href="#fn:18"><sup>18</sup></a> to include a business transaction exemption, mandatory breach notification requirements, enhanced powers for the Privacy Commissioner, and various other updates. </p><p>The PIPEDA sets out ground rules for how private sector organizations may collect, use or disclose personal information in the course of commercial activities. PIPEDA also applies to federal works, undertakings, and business in respect of employee personal information. The law gives individuals the right to access and request correction of the personal information these organizations may have collected about them. </p><p>In general, PIPEDA applies to organizations' commercial activities in all provinces, except organizations that collect, use or disclose personal information entirely within provinces that have their own privacy laws, which have been declared substantially similar to the federal law. In such cases, it is the substantially similar provincial law that will apply instead of PIPEDA, although PIPEDA continues to apply to federal works, undertakings or businesses and to interprovincial or international transfers of personal information. </p><p>Recently, the Office of the Privacy Commissioner of Canada, as well as academics and members of civil society, have claimed that it does not address modern challenges of privacy law sufficiently, calling for reforming PIPEDA in view of AI.<a class="footnote-ref" id="fnref:19" href="#fn:19"><sup>19</sup></a> The Canadian government responded to these calls with a comprehensive reform project currently under Parliamentary discussion. <a class="footnote-ref" id="fnref:20" href="#fn:20"><sup>20</sup></a> </p> <h2 id="remedies">Remedies</h2> <p>The <i>Act</i> does not create an automatic right to <a href="/facts/Lawsuit/gFeKr9ra">sue</a> for violations of the law's obligations. Instead, PIPEDA follows an <a href="/facts/Ombudsman/UHal49Fr">ombudsman</a> model in which complaints are taken to the <a href="/facts/Office_of_the_Privacy_Commissioner_of_Canada/xrfQIrEl">Office of the Privacy Commissioner of Canada</a>. The Commissioner is required to investigate the complaint and to produce a report at its conclusion. The report is not binding on the parties but is more of a recommendation. The Commissioner does not have any powers to order compliance, award damages, or levy penalties. The organization complained about does not have to follow the recommendations. The complainant, with the report in hand, can then take the matter to the <a href="/facts/Federal_Court_(Canada)/vwTA458u">Federal Court of Canada</a>. The responding organization cannot take the matter to the courts, because the report is not a decision and PIPEDA does not explicitly grant the responding organization the right to do so. </p><p>PIPEDA provides, at section 14, the complainant the right to apply to the <a href="/facts/Federal_Court_(Canada)/vwTA458u">Federal Court of Canada</a> for a hearing with respect to the subject matter of the complaint. The Court has the power to order the organization to correct its practices, to publicize the steps it will take to correct its practices, and to award damages.<a class="footnote-ref" id="fnref:21" href="#fn:21"><sup>21</sup></a> </p> <h2 id="proposed-bill-c-475">Proposed Bill C-475</h2> <p>As a result of long-enduring and central gap in Canada's privacy protections,<a class="footnote-ref" id="fnref:22" href="#fn:22"><sup>22</sup></a> Bill C-475 was proposed in February 2013 by Charmaine Borg, MP, proposing several amendments to the <i>Act</i>.<a class="footnote-ref" id="fnref:23" href="#fn:23"><sup>23</sup></a> Bill C-475 was defeated in January 2014.<a class="footnote-ref" id="fnref:24" href="#fn:24"><sup>24</sup></a> </p> <h2 id="see-also">See also</h2> <ul><li><i><a href="/facts/Fighting_Internet_and_Wireless_Spam_Act/u3PkBelR">Fighting Internet and Wireless Spam Act</a></i></li> <li><a href="/facts/Information_privacy_law/EERtnLNp">Information privacy law</a></li> <li><a href="/facts/Information_privacy/fb6DMpdN">Information privacy</a></li></ul> <h2 id="external-links">External links</h2> <ul><li><a href="https://laws-lois.justice.gc.ca/PDF/P-8.6.pdf"><i>Personal Information Protection and Electronic Documents Act</i></a></li> <li><a href="http://wearcam.org/intelligarde_subject_access_request.htm">Example of a PIPEDA request for video surveillance recordings.</a></li> <li><a href="http://www.privacylawyer.ca/blog/index.html">The Canadian Privacy Law Blog:</a> A regularly updated blog on issues related to privacy law and PIPEDA written by David T. S. Fraser, a Canadian privacy lawyer.</li> <li><a href="https://securiti.ai/canada-pipeda/">Overview of Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA):</a> An overview of Canada's PIPEDA, where Canadian federal is discussed thoroughly.</li></ul> <h2 id="references">References</h2> <ol> <li id="fn:1"><p>McClennan, Jennifer P.; Schick, Vadim (2007). "O, Privacy: Canada's Importance in the Development of the International Data Privacy Regime". Georgetown Journal of International Law. 38: 669–693. <a href="#fnref:1" class="footnote-back-ref">↩</a></p></li> <li id="fn:2"><p>Section 29 of the Act <a href="https://laws-lois.justice.gc.ca/eng/acts/P-8.6/page-11.html" target="_blank">https://laws-lois.justice.gc.ca/eng/acts/P-8.6/page-11.html</a> <a href="#fnref:2" class="footnote-back-ref">↩</a></p></li> <li id="fn:3"><p>PIPEDA Review – Privacy Commissioner of Canada <a href="https://web.archive.org/web/20100813133308/http://www.priv.gc.ca/keyIssues/ki-qc/mc-ki-pipeda_e.cfm" target="_blank">https://web.archive.org/web/20100813133308/http://www.priv.gc.ca/keyIssues/ki-qc/mc-ki-pipeda_e.cfm</a> <a href="#fnref:3" class="footnote-back-ref">↩</a></p></li> <li id="fn:4"><p>Section 7, subparagraph (3)(c.1)(ii) of the Actthe act <a href="https://laws-lois.justice.gc.ca/eng/acts/P-8.6/page-3.html#h-6" target="_blank">https://laws-lois.justice.gc.ca/eng/acts/P-8.6/page-3.html#h-6</a> <a href="#fnref:4" class="footnote-back-ref">↩</a></p></li> <li id="fn:5"><p>Subsection 9(3) of the Act <a href="https://laws-lois.justice.gc.ca/eng/acts/P-8.6/page-4.html" target="_blank">https://laws-lois.justice.gc.ca/eng/acts/P-8.6/page-4.html</a> <a href="#fnref:5" class="footnote-back-ref">↩</a></p></li> <li id="fn:6"><p>"Implementation Schedule - PIPEDA". Privcom.gc.ca. Archived from the original on 2008-09-07. Retrieved 2012-07-25. <a href="https://web.archive.org/web/20080907224309/http://www.privcom.gc.ca/legislation/02_06_02a_e.asp" target="_blank">https://web.archive.org/web/20080907224309/http://www.privcom.gc.ca/legislation/02_06_02a_e.asp</a> <a href="#fnref:6" class="footnote-back-ref">↩</a></p></li> <li id="fn:7"><p>"Canada Gazette". Gazette.gc.ca. 2002-08-03. Archived from the original on 2012-04-19. <a href="https://web.archive.org/web/20120419100156/http://www.gazette.gc.ca/archives/p1/2002/2002-08-03/html/notice-avis-eng.html#i10" target="_blank">https://web.archive.org/web/20120419100156/http://www.gazette.gc.ca/archives/p1/2002/2002-08-03/html/notice-avis-eng.html#i10</a> <a href="#fnref:7" class="footnote-back-ref">↩</a></p></li> <li id="fn:8"><p>"Provincial legislation deemed substantially similar to PIPEDA". Office of the Privacy Commissioner of Canada. Archived from the original on 2018-10-15. Retrieved 2018-10-15. <a href="https://web.archive.org/web/20181015231611/https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/r_o_p/provincial-legislation-deemed-substantially-similar-to-pipeda/" target="_blank">https://web.archive.org/web/20181015231611/https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/r_o_p/provincial-legislation-deemed-substantially-similar-to-pipeda/</a> <a href="#fnref:8" class="footnote-back-ref">↩</a></p></li> <li id="fn:9"><p>"An Act respecting the protection of personal information in the private sector". .publicationsduquebec.gouv.qc.ca. Retrieved 2012-01-17. <a href="http://www2.publicationsduquebec.gouv.qc.ca/dynamicSearch/telecharge.php?type=2&file=/P_39_1/P39_1_A.html" target="_blank">http://www2.publicationsduquebec.gouv.qc.ca/dynamicSearch/telecharge.php?type=2&file=/P_39_1/P39_1_A.html</a> <a href="#fnref:9" class="footnote-back-ref">↩</a></p></li> <li id="fn:10"><p>"BILL 38 - 2003: PERSONAL INFORMATION PROTECTION ACT". Leg.bc.ca. 2004-01-01. Retrieved 2012-01-17. <a href="http://www.leg.bc.ca/37th4th/3rd_read/gov38-3.htm" target="_blank">http://www.leg.bc.ca/37th4th/3rd_read/gov38-3.htm</a> <a href="#fnref:10" class="footnote-back-ref">↩</a></p></li> <li id="fn:11"><p>"Alberta Queen's Printer". Qp.gov.ab.ca. March 2007. Retrieved 2012-01-17. <a href="http://www.qp.gov.ab.ca/documents/Acts/P06P5.cfm?frm_isbn=0779725816" target="_blank">http://www.qp.gov.ab.ca/documents/Acts/P06P5.cfm?frm_isbn=0779725816</a> <a href="#fnref:11" class="footnote-back-ref">↩</a></p></li> <li id="fn:12"><p>"Personal Health Information Custodians in New Brunswick Exemption Order". Department of Justice. 2011-11-17. Retrieved 2012-11-24. <a href="https://laws-lois.justice.gc.ca/eng/regulations/SOR-2011-265/page-1.html" target="_blank">https://laws-lois.justice.gc.ca/eng/regulations/SOR-2011-265/page-1.html</a> <a href="#fnref:12" class="footnote-back-ref">↩</a></p></li> <li id="fn:13"><p>"Personal Health Information Custodians in Newfoundland and Labrador Exemption Order". Canada Gazette. 2012-10-10. Retrieved 2012-12-01. <a href="http://canadagazette.gc.ca/rp-pr/p2/2012/2012-10-10/html/si-tr72-eng.html" target="_blank">http://canadagazette.gc.ca/rp-pr/p2/2012/2012-10-10/html/si-tr72-eng.html</a> <a href="#fnref:13" class="footnote-back-ref">↩</a></p></li> <li id="fn:14"><p>"Memorandum of Understanding with Alberta and British Columbia". Office of the Privacy Commissioner of Canada. 29 October 2014. Retrieved 2018-10-15. <a href="https://www.priv.gc.ca/en/about-the-opc/what-we-do/provincial-and-territorial-collaboration/memorandums-of-understanding-with-provinces/mou/" target="_blank">https://www.priv.gc.ca/en/about-the-opc/what-we-do/provincial-and-territorial-collaboration/memorandums-of-understanding-with-provinces/mou/</a> <a href="#fnref:14" class="footnote-back-ref">↩</a></p></li> <li id="fn:15"><p>Perun, Halyna; Michael Orr; Fannie Dimitriadis (2005). "2". Guide to the Ontario Personal Health Information Protection Act. Toronto ON, Canada: Irwin Law. pp. 19–20. ISBN 978-1-4593-1363-7. <a href="978-1-4593-1363-7" target="_blank">978-1-4593-1363-7</a> <a href="#fnref:15" class="footnote-back-ref">↩</a></p></li> <li id="fn:16"><p>"ipc.on.ca". ipc.on.ca. Retrieved 2012-01-17. <a href="http://www.ipc.on.ca" target="_blank">http://www.ipc.on.ca</a> <a href="#fnref:16" class="footnote-back-ref">↩</a></p></li> <li id="fn:17"><p>Canada, Office of the Privacy Commissioner of. "Fact Sheet: The Digital Privacy Act - Summary of key changes to the Personal Information and Electronic Documents Act (PIPEDA)". www.priv.gc.ca. Retrieved 2015-11-29. {{cite web}}: |first= has generic name (help) <a href="https://www.priv.gc.ca/resource/fs-fi/02_05_d_63_s4_e.asp" target="_blank">https://www.priv.gc.ca/resource/fs-fi/02_05_d_63_s4_e.asp</a> <a href="#fnref:17" class="footnote-back-ref">↩</a></p></li> <li id="fn:18"><p>Canada, Office of the Privacy Commissioner of. "The Personal Information Protection and Electronic Documents Act (PIPEDA)". www.priv.gc.ca. Retrieved 2015-11-29. {{cite web}}: |first= has generic name (help) <a href="https://www.priv.gc.ca/leg_c/leg_c_p_e.asp" target="_blank">https://www.priv.gc.ca/leg_c/leg_c_p_e.asp</a> <a href="#fnref:18" class="footnote-back-ref">↩</a></p></li> <li id="fn:19"><p>"Policy Proposals for PIPEDA Reform to Address Artificial Intelligence Report". November 2020. <a href="https://www.priv.gc.ca/en/about-the-opc/what-we-do/consultations/completed-consultations/consultation-ai/pol-ai_202011/" target="_blank">https://www.priv.gc.ca/en/about-the-opc/what-we-do/consultations/completed-consultations/consultation-ai/pol-ai_202011/</a> <a href="#fnref:19" class="footnote-back-ref">↩</a></p></li> <li id="fn:20"><p>"Consumer Privacy Protection Act". 13 March 2023. <a href="https://ised-isde.canada.ca/site/innovation-better-canada/en/consumer-privacy-protection-act" target="_blank">https://ised-isde.canada.ca/site/innovation-better-canada/en/consumer-privacy-protection-act</a> <a href="#fnref:20" class="footnote-back-ref">↩</a></p></li> <li id="fn:21"><p>Canada, Office of the Privacy Commissioner of (2016-09-12). "How to apply for a Federal Court hearing under PIPEDA". www.priv.gc.ca. Retrieved 2020-11-15. {{cite web}}: |first= has generic name (help) <a href="https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda-complaints-and-enforcement-process/federal-court-applications-under-pipeda/" target="_blank">https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda-complaints-and-enforcement-process/federal-court-applications-under-pipeda/</a> <a href="#fnref:21" class="footnote-back-ref">↩</a></p></li> <li id="fn:22"><p>Dusseault, Pierre-Luc (April 2013). "Report of the Standing Committee on Access to Information, Privacy and Ethics" (PDF). House of Commons Canada. <a href="https://www.ourcommons.ca/Content/Committee/411/ETHI/Reports/RP6094136/ethirp05/ethirp05-e.pdf" target="_blank">https://www.ourcommons.ca/Content/Committee/411/ETHI/Reports/RP6094136/ethirp05/ethirp05-e.pdf</a> <a href="#fnref:22" class="footnote-back-ref">↩</a></p></li> <li id="fn:23"><p>"Private Member Bill Seeks to Bring Long Overdue Privacy Protections for Canadians". cippic.ca. Retrieved 2013-06-26. <a href="https://www.cippic.ca/en/news/PMB_PIPEDA_Order_Making_Powers" target="_blank">https://www.cippic.ca/en/news/PMB_PIPEDA_Order_Making_Powers</a> <a href="#fnref:23" class="footnote-back-ref">↩</a></p></li> <li id="fn:24"><p>"Bill C475". openparliament.ca. Retrieved 2014-12-13. <a href="https://openparliament.ca/bills/41-2/C-475/" target="_blank">https://openparliament.ca/bills/41-2/C-475/</a> <a href="#fnref:24" class="footnote-back-ref">↩</a></p></li> </ol>