PIPEDA- Data Protection tale of Canada, Part-2

In our earlier article we well versed ourselves with an understanding of Canada as a country and the purpose behind the enactment of PIPEDA (Personal Information Protection and Electronic Documents Act). We briefly discussed the enforceability of the act as it came into force in various stages. Now in this part we shall discuss with the Applicability and brief about the Principles  of PIPEDA. 

APPLICATION  OF PIPEDA

PIPEDA is a centrally legislated act, and in one aspect it applies to every organisation that collects, uses or discloses the personal information in the course of commercial activity. In other and simplifying words the act applies to Private- sector organisations across Canada who collect the personal Information. 

Personal Information under PIPEDA means information about an identifiable Individual.

In other aspects it applies to personal information which is disclosed during the employment or an applicant of employment. However, it does not apply to the Business contact information that organisation collects solely for the purpose of communicating/facilitating in relation to their employment, Business or Profession.    

Image Source- https://www.freeprivacypolicy.com/blog/pipeda/

What is Commercial Activity? 

It means any particular transaction, act, conduct, any regular course of conduct which is of commercial nature and includes -selling, bartering, or leasing of donor, membership or fund raising list. This list is inclusive in nature hence can not be assumed to be an exhaustive one.

PIPEDA not only protects the personal information but also protects the personal information pertaining to the health of Living or Deceased. Now the question arises, what all information amounts to personal health information? The act succinctly defines the meaning of personal health information  as the information  concerning the physical or mental health of the individual, health service provided to the individual, donation of any body part or bodily substance or information derived from examination or testing, information collected at the time of providing the health services or incidental collected to the provisions of health services. 

NON-APPLICATION OF PIPEDA

PIPEDA does not apply to the federal government and agencies as the information/personal data collected by them is covered under the Privacy Act.Being a central legislation it does not apply to some provinces like Alberta, Quebec, British Columbia as they have their own Provincial laws (Personal Information Protection Act hereinafter referred as PIPA) which are similar to PIPEDA.  

There are some other provinces where health information laws are similar to PIPEDA and those provinces are –  

1) New Brunswick: Personal Health Information Privacy and Access Act

2) Newfoundland and Labrador:Personal health information Act

3) Nova Scotia: Personal Health Information Act

4) Ontario: Personal Health Information Protection Act.

PIPEDA also does not apply to Business Contact Information of individuals collected for communicating or facilitating in relation to their employment, business or profession. 

PRINCIPLES

PIPEDA consists of 10 fair information principles and they are- 

(1) Accountability (2) Identifying Purposes (3) Consent (4) Limiting Collection (5) Limiting Use, Disclosure, and Retention (6) Accuracy (7) Safeguards (8) Openness (9) Individual Access (10) Challenging Compliance.

We shall discuss all these underlying principles in detail in our next part.

………. To be Continued