This would be one of the strictest privacy laws in the world, comparable to the GDPR or the California Consumer Privacy Act. Many American businesses have crafted their privacy policies to comply with PIPEDA, knowing that PIPEDA fulfilled the requirements for self-certification under the now invalidated EU-U.S. Safe Harbor and Privacy Shield program administered by the U.S. Department of Commerce. Compliance with PIPEDA will also satisfy most of the requirements for the privacy laws of any of the member states of the EU. Canada moved quickly to adopt legislation that complied with the 1995 EU Data Directive in order to both promote e-commerce and trade with the EU.

PIPEDA adopts ten privacy principles:

Principle 1 — Accountability
An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the following principles.

Principle 2 — Identifying Purposes
The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.

Principle 3 — Consent
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.

Principle 4 — Limiting Collection
The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.

Principle 5 — Limiting Use, Disclosure, and Retention
Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.