What is PIPEDA (The Personal Information Protection and Electronic Documents Act)?

PIPEDA is a Canadian law (implemented in 2000) governing the collection, use and disclosure of personal information by commercial businesses. The law is similar in many respects to the European Union’s General Data Protection Regulation (GDPR).

PIPEDA defines personal information as information about an identifiable individual (not including names, titles or business addresses or telephone numbers of individuals or organizations). Citizens have a number of rights under the law, including the right to know what information is being collected and why and to know how their data is being protected. Organizations are required (among other things) to obtain consent when information is collected, used or disclosed and to have clear, easily understandable policies relating to their data gathering and usage practices.