The Personal Information Protection and Electronic Documents Act (PIPEDA) is the federal privacy law for private-sector organizations in Canada. The act originally went into law on April 13, 2000 to foster trust in electronic commerce but has expanded since to include industries like banking, broadcasting, and the health sector. The purpose of the law – per legislation – is to “govern the collection, use and disclosure of personal information in a manner that recognizes the right of privacy of individuals with respect to their personal information and the need of organizations to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances.

Any private enterprise in Canada that collects personal information during the course of commercial activity is subject to PIPEDA. Canada’s Office of the Privacy Commissioner has a helpful tool organization can use to determine what organization to contact if they have a privacy issue. It also has a fact sheet on privacy legislation designed to assist enterprises as well.

• It applies to federal works, undertakings or businesses (FWUBs).
• It applies to the collection, use and disclosure of personal information in the course of a commercial activity and across borders. PIPEDA also applies within provinces without substantially similar private sector privacy legislation.
• It applies to employee information only in connection with a FWUB.
• The provincial PIPAs apply to provincially regulated private sector organizations.
• Employee information held by provincially-regulated organizations in Alberta and B.C. is covered by the provincial PIPAs.

Our approach is mentioned below: 

Phase 1: Governance & Planning
Phase 2: Gap Analysis
Phase 3: Implementation 
Phase 4: Privacy Compliance, Risk Management Framework & Audit