In 2004, the Canadian government fully implemented the Personal Information Protection and Electronic Documents Act (PIPEDA) to govern how organizations in the federally-regulated sector use and disclose personal information for commercial reasons.



In general, any company that falls under the legislative authority of the Parliament of Canada is subject to PIPEDA - for instance, companies in banking, telecommunications, or aviation are required to follow the rules outlined in the Act.

Fair Information Principles

PIPEDA outlines ten fair information principles for companies to follow:

1. Accountability: Organizations are held responsible for the personal information they have collected.
2. Identifying Purposes: Organizations must specify why they are requesting personal information.
3. Consent: Individual knowledge and consent are required for the collection, use, and/or disclosure of personal information.
4. Limiting Collection: Organizations can only collect necessary personal information. For instance, companies do not need to know an individual’s driver’s license information if driving will not be part of an individual’s job.
5. Limiting Use, Disclosure, and Retention: Personal information can only be used or disclosed for the reason it was collected (unless an individual provides additional consent or if required by law).
6. Accuracy: Personal information must be as accurate, complete, and as up-to-date as possible.
7. Safeguards: There must be an appropriate level of security depending on the sensitivity of the information. As most information is stored virtually, organizations must ensure they have an appropriate level of cybersecurity in place.
8. Openness: An organization’s policies and practices relating to the collection and management of personal information must be readily available to the public.
9. Individual Access: If an individual wants to be informed of the collection/use/disclosure of their personal information, an organization must comply. Individuals are also allowed to challenge the accuracy of the record.
10. Challenging Compliance: Individuals are allowed to challenge an organization’s compliance with these ten principles and PIPEDA overall.

Stay in line with the law by double-checking that your organization and any third-party vendors you work with follow the ten principles outlined in PIPEDA - penalties and fines go up to $100,000 for non-compliance.

Jobseekers - What does this mean for me?

Ultimately, PIPEDA was designed with organizations in mind. Nevertheless, it is a good idea to understand what PIPEDA is and the limitations that come with it to ensure your rights are respected.