The use of personal information in Canadian commercial activities is protected by federal legislation under the Personal Information Protection and Electronic Documents Act (PIPEDA), or by provincial legislation that is substantially similar to the federal legislation.
PIPEDA was enacted to alleviate consumer concerns about privacy and to allow Canada's business community to compete in the global digital economy. Organizations able to demonstrate their respect for and protection of personal information will gain a competitive advantage. Complying with PIPEDA builds trust in the digital marketplace and creates opportunities for Canadian businesses.
PIPEDA defines personal information as "information about an identifiable individual" that includes any factual or subjective information, recorded or not, in any form. For example, the following would be considered personal information:
- Name, address, telephone number, gender;
- Identification numbers, income or blood type;
- Credit records, loan records, existence of a dispute between a consumer and a merchant, and intentions to acquire goods or services.
PIPEDA Compliance is Good Business
Good privacy practices help to:
- Build consumer confidence,
- Increase customer loyalty,
- Protect the integrity of an organization's brand.
Almost 50 percent of consumers said they would buy more frequently and in greater volume from companies known to have more reliable privacy practices, according to a recent Harris Interactive Study for Privacy & American Business.
With the implementation of PIPEDA, Canadian firms can do business seamlessly with the European Union (EU), which recognizes PIPEDA as providing adequate data protection. This is a significant benefit, since the EU has privacy laws that prohibit the flow of personal information to countries without such protection.
Non-Compliance is Risky
A firm that fails to protect the privacy of personal information faces significant risks, including:
- Damage to reputation, brand and business relationships;
- Charges of deceptive business practices;
- Legal liability and industry or regulatory sanctions;
- Reduced revenue, market share and shareholder value;
- Customer refusal to provide personal information.
To learn more about adopting procedures to comply with PIPEDA, see the Privacy Commissioner of Canada's A Guide for Businesses and Organizations.
Disclaimer: This information is not intended to constitute legal advice. Consult a lawyer about specific legal questions.