Personal Information Protection and Electronic Documents Act (PIPEDA)

PIPEDA applies to private-sector organizations across Canada that collect, use or disclose personal information in the course of a commercial activity. The law defines a commercial activity as any particular transaction, act, or conduct, or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists.

Is Complying with PIPEDA Mandatory?

All businesses that operate in Canada and handle personal information that crosses provincial or national borders in the course of commercial activities are subject to PIPEDA, regardless of the province or territory in which they are based (including provinces with substantially similar legislation).

What Are the Penalties for Not Complying with PIPEDA?

Organizations that knowingly violate PIPEDA requirements for proactive security safeguards, data breach reporting, and keeping data breach records may be fined up to $100,000 in Canadian dollars (CAD) per violation.