The Personal Information Protection and Electronic Documents Act (Canada) (PIPEDA) sets outthe ground rules for how private-sector organizations in Canada collect, use or disclose personalinformation in the course of commercial activities.
What is “personal information”?
Under PIPEDA, personal information includes any factual or subjective information, recorded or not, about an identifiable individual. This includes information in any form, such as:
- Age, name, ID numbers, income, ethnic origin, or blood type (We need your name, not likely the other info in this list unless you are employed by us.)
- Opinions, evaluations, comments, social status, or disciplinary actions; (We sometimes want this info, although we really don’t want to have disciplinary issues.)
- Employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs.) (We sometimes want this info, but if you’re not one of ouremployees then we really don’t want your employee files.)
What is not covered by PIPEDA?
There are some instances where PIPEDA does not apply. Some examples include:
- An employee’s name, title, business address or telephone number (This means if the info you give us the info on your business card then it’s not considered personal information.)
- An individual’s collection, use or disclosure of personal information strictly for personal purposes (e.g. personal greeting card list)
- An organization’s collection, use or disclosure of personal information solely for journalistic, artistic or literary purposes
- Accountability: We are accountable for the personal information we collect, use, retain and disclose in the course of our activities, and have appointed a Chief Privacy Officer, who is responsible for ensuring your information is protected.
- Identifying Purposes: We explain the purpose(s) for which the information is being used at the time of collection and use it only for those purposes. Mostly it is to give you information you asked for, keep you informed as you requested, or provide services you wanted.
- Consent: We will obtain your express or implied consent when we collect, use, or disclose your personal information unless there is a legally valid reason that we may or have to without your consent. You can withdraw consent but then we won’t be able to serve you.