You have likely heard of the General Data Protection Regulation (GDPR), and you probably refer to this standard whenever the topic of privacy and data processing arises. But what about outside of the EU? The Office of the Privacy Commissioner of Canada (Commissariat à la protection de la vie privée du Canada) has a twitter account that shares information regarding privacy and an individual’s rights in Canada.

I like the content they share, as it demystifies rights for adults and even children. I have also found their content has even taught me a few things. What I wasn’t aware of was the Personal Information Protection and Electronic Documents Act (PIPEDA). In French, this is “Loi sur la protection des reseignements personnels et les documents électroniques, which entered into law on 13 April 2000. Not only was this act implemented for Canadian consumers to trust e-commerce, but it was also enacted to reassure the EU that Canadian privacy laws protect the personal information of their citizens.

If you are familiar with GDPR, a bit of the terminology may feel similar. But again, this predates GDPR, it is Canadian, and it is reviewed every five years, so do not expect it to be identical. Just like GDPR within PIPEDA, individuals have the right to access the data the organization has collected on them, and they can update their data to reflect more accurate information. However, noticeably not mentioned is the right to be forgotten.

PIPEDA is defined by ten principles:

  1. Accountability

An individual or team must be in place to (Read more...)