Personal Information Protection and Electronic Documents Act

Personal Information Protection and Electronic Documents Act
Parliament of Canada
  • An Act to support and promote electronic commerce by protecting the personal information that is collected, used or disclosed in certain circumstances, by providing for the use of electronic means to communicate or record information or transactions, and by amending the Canada Evidence Act, the Statutory Instruments Act and the Statute Revision Act
CitationS.C. 2000, c. 5[1]
Enacted byParliament of Canada
Assented to13 April 2000
CommencedSection 1 in force 13 April 2000; Parts 2, 3 and 4 in force 1 May 2000; Part 1 in force 1 January 2001; Part 5 in force 1 June 2009
Legislative history
Bill title36th Parliament, Bill C-6
Introduced byJohn Manley, Minister of Industry

The Personal Information Protection and Electronic Documents Act (PIPEDA; French: Loi sur la protection des renseignements personnels et les documents électroniques) is a Canadian law relating to data privacy.[2] It governs how private sector organizations collect, use and disclose personal information in the course of commercial business. In addition, the Act contains various provisions to facilitate the use of electronic documents. PIPEDA became law on 13 April 2000 to promote consumer trust in electronic commerce. The act was also intended to reassure the European Union that the Canadian privacy law was adequate to protect the personal information of European citizens. In accordance with section 29 of PIPEDA, Part I of the Act ("Protection of Personal Information in the Private Sector") must be reviewed by Parliament every five years.[3] The first Parliamentary review occurred in 2007.[4]

PIPEDA incorporates and makes mandatory provisions of the Canadian Standards Association's Model Code for the Protection of Personal Information, developed in 1995. However, there are a number of exceptions to the Code where information can be collected, used and disclosed without the consent of the individual. Examples include reasons of national security, international affairs, and emergencies. Under the Act, personal information can also be disclosed without knowledge or consent to investigations related to law enforcement, whether federal, provincial or foreign.[5] There are also exceptions to the general rule that an individual shall be given access to his or her personal information. Exceptions may include information that would likely reveal personal information about a third party, information that cannot be disclosed for certain legal, security, or commercial proprietary reasons, and information that is subject to solicitor-client privilege.[6]

  1. ^ http://laws-lois.justice.gc.ca/PDF/P-8.6.pdf [bare URL PDF]
  2. ^ McClennan, Jennifer P.; Schick, Vadim (2007). "O, Privacy: Canada's Importance in the Development of the International Data Privacy Regime". Georgetown Journal of International Law. 38: 669–693.
  3. ^ Section 29 of the Act
  4. ^ PIPEDA Review – Privacy Commissioner of Canada
  5. ^ Section 7, subparagraph (3)(c.1)(ii) of the Actthe act
  6. ^ Subsection 9(3) of the Act