The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian federal law that aims to safeguard the privacy of personal information held by private sector organizations. Under PIPEDA, individuals have the right to access and request correction of their personal information held by an organization. Certain provinces in Canada, such as British Columbia, Alberta, and Quebec, have their own privacy laws that are considered substantially similar to PIPEDA. Therefore, businesses operating in those provinces may be subject to those laws instead of PIPEDA.
PIPEDA is applicable to all Canadian organizations that handle personal information in the course of commercial activity, including those operating in Canada, those with Canadian customers or employees, and those collecting personal information from individuals in Canada. Non-compliance with PIPEDA can result in fines of up to CAD $100,000 per violation, in addition to legal action, reputational damage, and loss of customer trust. It is important for organizations to be aware of their obligations under PIPEDA and to take steps to ensure compliance to avoid these consequences.