Site icon IT World Canada

Sidebar: PIPEDA’s ‘No-go’ zones for businesses

Stop symbol

Graphic by Suebsiri via GettyImages.ca

The federal Personal Information Protection and Electronic Documents Act (PIPEDA) applies to all businesses in Canada except those in B.C., Alberta, and Quebec.

The Office of the Privacy Commissioner of Canada (OPC) notes that PIPEDA states that any collection, use, or disclosure of personal information must only be for purposes that a reasonable person would consider appropriate in the circumstances.

PIPEDA is based on 10 fair principles for the collection and use of personal data of employees, customers and partners. Three of these are, arguably, the most important:

— the knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate;

— the collection of personal information must be limited to what is needed for the purposes identified by the organization. Information must be collected by fair and lawful means;

— unless the individual consents otherwise or it is required by law, personal information can only be used or disclosed for the purposes for which it was collected. Personal information must only be kept as long as required to serve those purposes.

To make it clearer, the OPC says the following purposes would generally be considered inappropriate — or, what it calls no-go zones — by a reasonable person:

Exit mobile version