PIPEDA
Applies to commercial activities and the interprovincial/international transfer of personal information. Covers most Canadian businesses outside QC, AB and BC.
Canadian businesses outside Quebec are subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) or, in certain provinces, to equivalent provincial laws (PIPA Alberta, PIPA British Columbia).
Synéra supports Canadian private-sector businesses in implementing PIPEDA's 10 fair information principles, assessing cross-border transfers, managing incidents and upgrading for the proposed federal Bill C-27 (CPPA).
Applies to commercial activities and the interprovincial/international transfer of personal information. Covers most Canadian businesses outside QC, AB and BC.
A provincial law deemed "substantially similar" to PIPEDA. Governs the private sector in Alberta. Breach notification to the provincial commissioner is mandatory.
Governs the private sector in BC. Notably requires that a privacy officer be appointed and that personal information protection policies be made public.
The proposed bill to replace PIPEDA. It will strengthen obligations and further align Canada with the GDPR. Synéra monitors developments to anticipate the transition.
PIPEDA requires every business to respect ten fundamental principles in the collection, use and disclosure of personal information.
A designated person must be answerable for the organization's compliance.
The purposes of collection must be identified before or at the time of collection.
Any collection, use or disclosure generally requires informed consent.
Only the personal information necessary for the stated purposes may be collected.
Personal information may not be used for other purposes without renewed consent.
Personal information must be accurate, complete and up to date for the intended purposes.
Protections appropriate to the sensitivity of the personal information must be in place.
Policies and practices must be readily accessible to the public.
Every individual has the right to access and correct the personal information about them.
Every individual must be able to challenge compliance with the principles above.
An inventory of the personal information collected, its purposes, cross-border flows, subcontractors involved, and processing register.
Drafting of public policies, consent forms, incident registers, and subcontractor agreements for cross-border transfers.
Our partner RB Avocats handles legal opinions, crisis management and defence in the event of a complaint to the federal Office of the Privacy Commissioner.
An outsourced Privacy Officer service for businesses that prefer not to hire in-house. Packages tailored to the size of the business.
Whether you are based in Ontario, Alberta or British Columbia — or transferring personal information between provinces — Synéra coordinates the support to bring you into compliance.