# Personal Information Protection and Electronic Documents Act (PIPEDA)

# Acronyms, Abbreviations, and Initialisms

Short Form	Full Form
EU	European Union
GDPR	General Data Protection Regulation
PIPEDA	Personal Information Protection and Electronic Documents Act

# Overview

The Personal Information Protection and Electronic Documents Act (PIPEDA) applies to private sector organizations across Canada that collect, use, or disclose personal information in the course of a commercial activity. Businesses must follow the 10 fair information principles to protect personal information.

All businesses that operate in Canada and handle personal information that crosses provincial or national borders in the course of commercial activities are subject to PIPEDA, regardless of the province or territory in which they are based (including provinces with substantially similar legislation).

Federally regulated organizations that conduct business in Canada are always subject to PIPEDA.

PIPEDA could be considered Canada's version of the European Union (EU)'s General Data Protection Regulation (GDPR); however, the GDPR applies across the entirety of the EU whereas PIPEDA does not apply to every province of Canada.

# Principles

Accountability
Identifying Purposes
Consent
Limiting Collection
Limiting Use, Disclosure, and Retention
Accuracy
Safeguards
Openness
Individual Access
Challenging Compliance

# Noteworthy

PIPEDA is a Canadian law.
PIPEDA applies to private sector organizations.
PIPEDA contains 10 fair information principles.

# Sources

https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda_brief

canada privacy