Blog

PIPEDA's Definition of Personal Information

Data Security
January 4, 2023
In this article, the Accountable blog discusses PIPEDA and it's definition of Personal Information.

“Personal Information” as explained by Canadian regulation

PIPEDA is a federal privacy law in Canada that applies to organizations that collect, use, and disclose personal information in the course of commercial activities. The Act sets out the rules for how organizations must handle personal information in a fair and responsible manner.

What is “Personal Information” Under PIPEDA?

Under PIPEDA, "personal information" is defined as any information about an identifiable individual. This includes information that can be used on its own, or in combination with other information, to identify a person. Personal information can be factual (such as a person's name, age, or address) or it can be an opinion (such as a person's evaluation of a product or service).

Personal Information Exclusions

There are several categories of information that are specifically excluded from the definition of personal information under PIPEDA. These include:

  • Business contact information (such as an individual's business title, business address, or business telephone number) when it is used solely for the purpose of communicating with the individual in relation to their business, profession, or employment.
  • Publicly available information, such as information can be found in a public directory or on a public website.
  • Information that is de-identified or aggregated so that it cannot be used to identify an individual.

PIPEDA Compliance Requirements

PIPEDA requires organizations to be transparent about their collection, use, and disclosure of personal information. This means that organizations must inform individuals about why they are collecting their personal information, how it will be used, and who it will be shared with. 

Organizations must also obtain the consent of individuals before collecting, using, or disclosing their personal information unless the collection is required by law or is necessary for the organization to provide a product or service.

Organizations are also required to protect the personal information they collect from unauthorized access, disclosure, or misuse. This means that they must have appropriate safeguards in place to prevent unauthorized access to personal information, such as secure servers, firewalls, and encryption.

There are some exceptions to the rules set out in PIPEDA. For example, organizations are not required to obtain consent for the collection, use, or disclosure of personal information if it is necessary for the organization to investigate a breach of an agreement or a contravention of the law. Additionally, personal information can be disclosed without consent in certain circumstances, such as when it is necessary to protect an individual's life, health, or security, or when it is required by law.

Individual’s Rights Under PIPEDA

PIPEDA also gives individuals the right to access their personal information and request that it be corrected if it is inaccurate. Individuals can make a request to access their personal information by contacting the organization that holds it. The organization must respond to the request within 30 days and provide the requested information unless there is a legal reason for not doing so.

Conclusion

In summary, personal information under PIPEDA is any information about an identifiable individual that is collected, used, or disclosed by an organization in the course of commercial activities. Organizations must be transparent about their collection, use, and disclosure of personal information and must obtain the consent of individuals before collecting, using, or disclosing it unless there is a legal exception. PIPEDA also requires organizations to protect the personal information they collect and gives individuals the right to access and request correction of their personal information.

More from the Blog

GenixTec has achieved HIPAA Compliance with Accountable
Compliant Tools

GenixTec has achieved HIPAA Compliance with Accountable

HIPAA and Workforce Training
HIPAA

HIPAA and Workforce Training

Understanding HIPAA Certification
HIPAA

Understanding HIPAA Certification

Is Google Docs HIPAA Compliant?
Compliant Tools

Is Google Docs HIPAA Compliant?

Is Calendly HIPAA Compliant?
Compliant Tools

Is Calendly HIPAA Compliant?

Is Google Sheets HIPAA Compliant?

Is Google Sheets HIPAA Compliant?

Is iCloud HIPAA Compliant?
Compliant Tools

Is iCloud HIPAA Compliant?

President Biden Looks to Boost Cybersecurity at U.S. Ports
Data Security

President Biden Looks to Boost Cybersecurity at U.S. Ports

Get Started
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Ready to chat?

See how some of the fastest growing companies use Accountable to build trust through privacy and compliance.
Trusted by
Accountable Compliance Management Logo

We make it easy to get your own HIPAA Certification and build trust with your customers and patients.

Product
PlaybooksHow it worksProductPricingWatch DemoSeal of ComplianceGet Support
Solutions
HIPAAGDPR
Resources
BlogHIPAA TrainingHIPAA Risk AnalysisGDPR Risk Analysis
Company
AboutCareersSupportContact UsPrivacy CenterProduct Updates
Account
Sign InForgot Password

"Accountable allowed us to quickly establish Core Compliance with HIPAA as well as a firm foundation for our Security Program." - Michael H.

© 2024 Accountable HQ, Inc.
SitemapTerms of ServicePrivacy Policy