Personal Information Protection and Electronic Documents Act (PIPEDA) is Canada’s Privacy Law designed for the protection of personal information in the hands of private sector organizations and provides guidelines for the collection.

PIPEDA is built on ten key privacy ideas;

  1. Accountability of the organization
  2. Identifying Purposes for which personal information is collected at or before the time the information is collected.
  3. The knowledge and consent of the individual are required
  4. The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization
  5. Limiting Use, Disclosure, and Retention. Personal information shall be retained only as long as necessary for the fulfilment of those purposes.
  6. Personal information shall be as accurate, complete, and up-to-date
  7. Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
  8. An organization shall make readily available to individuals specific information about its policies and practises
  9. An individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information.
  10. An individual shall be able to address a challenge concerning compliance with the above principles

For additional information and a Compliance Checklist check the PIPEDA Checklist.