A number of industry associations in Canada have also developed privacy codes. One that has been particularly influential is the code developed by the Canadian Standards Association (CSA): its Model Code for the Protection of Personal Information. This code's ten principles of fair information practices form the foundation of the Personal Information Protection and Electronic Documents Act (PIPEDA).
Published in 1996, the CSA code aims to strike a balance between the information requirements of businesses and the privacy rights of individuals. It includes the following stipulations:
Individuals should be informed of and consent to the collection, use or disclosure of their personal information.
Information should be used and disclosed only for the purposes for which it was collected.
Organizations should inform people about their policies and practices for dealing with personal information.
Individuals should be allowed access to their personal information when they request it, and they should be able to challenge the accuracy of that information.
Several organizations have developed voluntary privacy codes based on the CSA principles. These organizations include the Canadian Association of Internet Providers, the Canadian Bankers Association, the Canadian Marketing Association, the Canadian Medical Association, and the Insurance Bureau of Canada.
Since these codes are voluntary, they are not legally enforceable. However, they function as a code of ethics and good business practices for the companies that belong to these organizations—which, by virtue of their membership, are bound by good faith to adhere to the provisions.