What is PIPEDA?
PIPEDA, which is short for Personal Information Protection and Electronic Documents Act, is a Canadian law protecting the rights and privacy of consumers in Canada. The law specifies how private organizations are supposed to collect, use and distribute data from consumers. Organizations covered by PIPEDA must obtain the consent of consumers when collecting, using and disseminating personal data.
Consumers, on the other hand, have the right to access any information held by a private organization and even challenge its accuracy. PIPEDA stipulates that data collected from consumers must only be used for the purpose for which it was collected. If an organization wishes to use the data for any other purpose, they need to obtain consent from the consumer once more.
Individuals are also assured that their information will be protected by the organizations that hold their data.
Where and How Does PIPEDA Apply?
PIPEDA directs organizations on the collection, use and disclosure of information collected from consumers in the course of commercial undertakings. As per PIPEDA Act, commercial activities refer to any transaction of a commercial character which may include selling, bartering and leasing of membership, donor or fundraising lists.
In provinces with privacy legislation similar to PIPEDA, some organizations/activities are exempt to this law. Quebec, Alberta and British Columbia have adopted privacy laws that are considered substantially similar to PIPEDA. Other provinces with similar legislation, although it is regarding personal health details, are New Brunswick, Ontario, Nova Scotia, Newfoundland and Labrador.
Even in provinces with privacy legislation similar to PIPEDA, the federal law which is PIPEDA still applies to all international and interprovincial transactions and all federally regulated businesses such as banks, transport and telecommunication companies.
Rights of an Individual According to PIPEDA
According to PIPEDA, personal information refers to details on an identifiable person without the inclusion of name, title, telephone number and business address of an employee of a business/organization.
PIPEDA grants individuals the right to:
With the above rights, PIPEDA Canada can ensure that personal information is not distributed or disclosed to individuals who might put consumers at risk. By so doing, an individual is protected from identity theft and misuse of personal data.
PIPEDA has also stipulated the roles of organizations in safeguarding personal information. An organization is required to;
Consumers Can Get Their Complaints Heard
PIPEDA Act does not give consumers a right to sue for any violations from organizations. PIPEDA stipulates that complaints are taken to Office of the Privacy Commissioner of Canada from where the allegations will be investigated and a report produced after the investigation.
The report from the commissioner is not binding to any of the parties; it is more like a recommendation. Besides creating a report, the commissioner has no power to order compliance, levy penalties or award damages. The organization under investigation does not have to take the recommendations from the commissioner.
After the complainant gets the report, they can then take it to the Federal Court of Canada. The organization complained about is not allowed by PIPEDA to take the matter to court seeing that the report is not a decision.
Under section 14, PIPEDA provides that a complainant have the right to apply for a hearing at the Federal Court of Canada. After the hearing, the court has the power to award damages and order the organization to change its practices.
All organizations have privacy policies, but it is only through PIPEDA that organizations ensure that these privacy policies work. Without PIPEDA, organizations will just have privacy policies to ensure they get the personal information they need for business.
Organizations have adopted different options for data protection and encryption to ensure that personal information stays safe. Personal information includes name, age, ID numbers, income, ethnic origin, social status, blood type, credit records, loan records, medical records and employee files among others.
Scott Gallupe of 403Tech Discusses Cybersecurity Threats in Business in Calgary Article
The COVID-19 pandemic sent businesses scrambling to pivot from an office-based environment to a remote workforce. A recent issue of Business in Calgary featured 403Tech President Scott Gallupe, who advised on how local businesses can protect their IT systems from cybersecurity threats. He explained that passwords and video collaboration tools are possible entryways for viruses and malware. The article, Alright, Stop, Collaborate and Listen, features several local IT leaders, describes the issues faced by business owners during the pandemic and provides guidance on ways to protect business data from ransomware and other types of cyberattacks.