Personal Information Protection and Electronic Documents Act (PIPEDA)
Acronyms, Abbreviations, and Initialisms
|Short Form||Full Form|
|GDPR||General Data Protection Regulation|
|PIPEDA||Personal Information Protection and Electronic Documents Act|
The Personal Information Protection and Electronic Documents Act (PIPEDA) applies to private sector organizations across Canada that collect, use, or disclose personal information in the course of a commercial activity. Businesses must follow the 10 fair information principles to protect personal information.
All businesses that operate in Canada and handle personal information that crosses provincial or national borders in the course of commercial activities are subject to PIPEDA, regardless of the province or territory in which they are based (including provinces with substantially similar legislation).
Federally regulated organizations that conduct business in Canada are always subject to PIPEDA.
PIPEDA could be considered Canada's version of the European Union (EU)'s General Data Protection Regulation (GDPR); however, the GDPR applies across the entirety of the EU whereas PIPEDA does not apply to every province of Canada.
- Identifying Purposes
- Limiting Collection
- Limiting Use, Disclosure, and Retention
- Individual Access
- Challenging Compliance
- PIPEDA is a Canadian law.
- PIPEDA applies to private sector organizations.
- PIPEDA contains 10 fair information principles.