Personal Information Protection and Electronic Documents Act (PIPEDA)
Personal Information Protection and Electronic Documents AcT
PIPEDA is Canada's federal private sector data protection legislation. It applies to all federally regulated works and undertakings, as well as provincially regulated private sector organizations in provinces and territories other than Quebec, Alberta, and B.C. (that have their own, similar, laws). See our FAQs on PIPEDA for more information.
PIPEDA Review
PIPEDA was scheduled for Parliamentary review in 2006 (five years after coming into force). In September 2006, CIPPIC filed comments with the federal Privacy Commissioner on a variety of issues regarding PIPEDA, in response to her call for input regarding the upcoming Parliamentary review. Parliament began its review of PIPEDA on November 20, 2006, via the House of Commons Standing Committee on Access to Information, Privacy and Ethics. CIPPIC filed a "written submission": with the Parliamentary committee in November, 2006, making 20 recommendations for legislative amendments, and appeared before the Committee on Dec.6th, 2006. The Committee heard from numerous stakeholders, and issued its report on May 2nd, 2007.
The federal government responded to the Committee report in October 2007, and then issued a public notice inviting comment on the specifics of implementating a data breach notification provision, as well as on the concepts of "work product" and "lawful authority". Other issues on which public input is being sought include witness statements, consent by minors, investigative bodies and the extent to which elements contained in the health-related PIPEDA Awareness Raising Tools (PARTs) document may be set out in legislative form. Comments are due by January 15th, 2008, and can be sent by email to PIPEDAconsultation@ic.gc.ca.
- Schedule of Hearings, Meeting Notes and Transcripts
- Submissions to Parliamentary Committee on PIPEDA Review (Oct.2006 - Feb.2007)
- CIPPIC White Paper on Security Breach Notification
- ETHI Committee Report (May 2007)
- CIPPIC response to ETHI Committee report (9 May 2007)
- Government response to ETHI Committee report (Oct 2007)
- Consultation on Implementation of Government Response (Oct 2007)
Submissions to Industry Canada on PIPEDA Review (Jan 2008)
- CIPPIC submission
- Privacy Commissioner of Canada submission
- PIAC submission
- Adam Shostack submission
- Other submissions (posted on Industry Canada website)
Regulations exempting organizations subject to "substantially similar" provincial laws
In response to Industry Canada's February 2005 call for comments on its proposed exemption order under PIPEDA for health information custodians in Ontario, CIPPIC filed comments pointing out a substantial difference between the federal and provincial privacy regimes, in respect of permitted disclosures of personal health information for research purposes, without the patient's consent. Under PIPEDA, certain important criteria must be met. Under the Ontario legislation, such criteria need only be "considered" by a research ethics board.
Regulations specifying "Investigative Bodies" under PIPEDA
Protection of Personal Information and Electronic Documents Act ("PIPEDA") - Regulations Specifying Investigative Bodies: In November 2003, CIPPIC submitted comments on proposed amendments to the regulation designating "investigative bodies" under PIPEDA. Under the Act, designated "investigative bodies" can receive and disclose personal information without the knowledge or consent of the individuals concerned. CIPPIC's comments focused on the need for more rigour in the granting of this status, as well as specific concerns regarding the application by Teranet Services Inc.