The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian federal law that regulates how private-sector organizations collect, use, and disclose personal information in the course of their for-profit, commercial activities. It applies to personal information of employees of federally-regulated businesses as well. PIPEDA sets national standards for privacy practices in the private sector.
In essence, PIPEDA provides a framework for businesses to handle personal information responsibly, respecting the rights of individuals while enabling them to carry out their commercial activities.
Key aspects of PIPEDA
Scope
PIPEDA applies to private sector organizations that conduct business across Canada or in a province that doesn't have a privacy law deemed substantially similar to PIPEDA.
Consent
PIPEDA recognizes two forms of consent: express consent (active agreement) and implied consent (failure to refuse after being offered the opportunity).
Data Breaches
Organizations must notify the Office of the Privacy Commissioner of Canada (OPC) and affected individuals if they become aware of a data breach that poses a significant risk of harm.
Penalties
Fines can range up to $80,000 for serious violations.
Purpose
The law aims to protect the privacy of individuals with respect to their personal information while acknowledging the need for organizations to collect, use, or disclose information for reasonable purposes.
Fair Information Principles
PIPEDA outlines 10 fair information principles that organizations must adhere to, including accountability, identifying purposes, consent, limiting collection, use, disclosure, and retention, accuracy, safeguards, openness, individual access, and challenging compliance.
Enforcement
The OPC investigates complaints and can issue administrative penalties for non-compliance.
Relationship to Other Laws
Provincial privacy laws may apply instead of PIPEDA in certain circumstances, especially if they are deemed substantially similar.
myLaminin’s compliance with PIPEDA
myLaminin actively worked with the OPC to understand its obligations and responsibilities in supporting researchers and research institutions to secure their research data, facilitate global collaboration, and comply with regulatory standards. myLaminin has implemented the OPC’s recommendations and is substantially PIPEDA compliant with a few required notifications that are on our roadmap.
