Unlike the U.S., Canada has passed a comprehensive data privacy law called PIPEDA (Personal Information Protection and Electronic Documents Act). Starting January 1, 2001, PIPEDA was applied to customer and employee information maintained by federally-regulated industry such as airlines, banking, broadcasting, telecommunications and transportation. And starting January 1, 2004, PIPEDA applies to all personal information collected, used or disclosed in the course of commercial activities by all private sector organizations.

PIPEDA establishes 10 basic data privacy principles that businesses must maintain. These principles describe accountability, notification, consent, collection limits, disclosure limits, accuracy, safeguards, openness and individual access.

The Government of Quebec, days before PIPEDA went into full effect, challenged the constitutionality of the law, claiming that the new federal privacy legislation comes at too high a cost. The outcome has yet to be determined.

Related Matter


U.S. Trends

Canada and Outside the U.S.:
Canada Challenges Patriot Act
Canadian DNA Database
Safe Harbor Agreement
US-VISIT Program