The Personal Information Protection and Electronic Documents Act (PIPEDA) and the Personal Information Protection Act of British Columbia (PIPA) governs the collection, use, disclosure, and management of personal information in British Columbia.
As a federal Act, PIPEDA protects personal information and outlines conduct expectations regarding such information. On June 18, 2015, Canada’s Senate and House of Commons passed the Digital Privacy Act to amend the PIPEDA, making notable changes such as adding a section on mandatory breach notification, detailing exemptions for individual consent for business contact information (eg. emails) or due diligence, and imposing greater consequences for non-compliance.
While it is important to be aware of the changes being made to the federal Act, one must note that PIPEDA is only meant to protect personal information in provinces and territories that do not have their own private-sector privacy laws. Because British Columbia has its own legislation regarding this through PIPA, the federal Act only applies to British Columbia in two circumstances:
- PIPEDA applies to federally regulated businesses (eg. banks, telephone companies, airlines, shipping companies, railways, etc.); or
- PIPEDA may apply to British Columbia-based organizations when the personal information of residents from other provinces is involved.
In all other circumstances, refer to British Columbia’s PIPA legislation for information about privacy in the private sector.
The Personal Information Protection Act of British Columbia describes in its legislation how the personal information of employees and customers must be handled by all private sector organizations and creates rules about collecting, using, and disclosing that information. PIPA strives to strike a balance between the individual’s right to protect his or her personal information and the organization’s need to collect, use, or disclose personal information. The Act does this by urging organizations to be accountable and hold themselves responsible for the information under their control, and outlining how to obtain valid consent for the use of personal data. The Act also provides information regarding an individual’s right to his or her personal information and how to correct one’s information should it be found to be inaccurate.
It is easy to see, then, the significance of data protection legislation to both organizations and the individual. By abiding by PIPEDA and PIPA, organizations can collect, use, and disclose data without incurring liability or coming into conflict with the customer or individual, who in turn can ensure that his or her information is accessible, correct, and not being used without the proper consent.
Technology vector created by Makyzz – Freepik.com
Esther Chen is currently employed by Gedcor as a Junior Technical Writer. She is pursuing her BFA in Creative Writing at the University of British Columbia.