Businesses in Canada are protected through two federal privacy laws. The Privacy Act, as we all know implies to the federal government and protects personal information handling. PIPEDA, on the other hand, is more detailed.

The Personal Information Protection and Electronic Documents Acts (PIPEDA) came to effect on 1st January, 2004 and now extended to most businesses in Canada. PIPEDA has changed the way many businesses and organizations are allowed to collect, utilize and disclose personal information relating to commercial activity.


PIPEDA is a federal policy that bars most businesses to collect, use or disclose personal information relating to an individual based on their commercial activity. PIPEDA also regulates standards for handling of personal information. The basic outlines of PIPEDA are:

  • If a business intends to collect, use or disclose personal information about an individual, it needs the consent of the individual, except in limited and certain circumstances.
  • A business can only use or disclose an individual’s personal information that they have given consent on.
  • A business has to limit the collecting, usage and disclosing of personal information that would be considered appropriate under certain circumstances, even with consent.
  • Individuals have the right to view their personal information a business keeps, and can correct any inaccurate details.
  • The Privacy Commissioner of Canada will ensure the compliance of the law and the rights of the individuals who have their personal information in hands of businesses.

What Is Personal Information?

Personal Information is thoroughly defined in PIPEDA. Basically it relates to any personal information about an individual that is subjective and factual. This includes information like:

  • Name, age, ID numbers, ethnicity, income, social insurance number, blood type, license plate number, passwords, loan records, credit records, or medical history and records;
  • Opinions, comments, social status, sexual orientation, interests, habits, hobbits, or disciplinary actions.

Personal information however does not include the name, business address, title, or contact number of employees. This exception is in place to allow day to day commercial activity.

Why Your Business Needs to Comply?

In competitive markets, businesses require personal information of clients and customers to identify and interact with them. They can use this information to seek potential customers interested in what they offer. Hence, businesses today face a challenge of accessing and using that information in a way that does not offend the right of privacy. Giving your customers’ privacy respect is the foundation of building on a healthy customer relationship.

Send a Message