What is PIPEDA?
Personal Information Protection and Electronic Documents Act (PIPEDA) applies to all private organizations in Canada that collect, use or disclose personal information in a commercial activity. PIPEDA also applies if you are a Canadian organization undertaking business outside the country. In addition to PIPEDA, there are province-specific privacy laws that must to be taken into consideration as well.
How do I find out if I am collecting user information in accordance with PIPEDA?
As per the Office of the Privacy Commissioner of Canada, the following information is all considered personal information:
- age, name, ID numbers, income, ethnic origin, or blood type;
- opinions, evaluations, comments, social status, or disciplinary actions; and
- employee files, credit records, loan records, medical records, the existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs).
Yes. A lawyer review protects and future-proofs your business with regards to data privacy compliance. Reviewing with a lawyer also ensures that provincial privacy laws and other business/industry-specific policies are added to the document. Privacy policies should be reviewed regularly to ensure the language remains up-to-date with changing laws.