Cyper is proud to be a Canadian Company. Cyper strives to comply with PIPEDA regulations in order to protect personal information in the course of our commercial activity.
Since 2017, we have been compliant with PIPEDA regulation.
Beginning of citation:
How the Act applies
PIPEDA applies to private-sector organizations across Canada that collect, use or disclose personal information in the course of commercial activity.
The law defines a commercial activity as any particular transaction, act, or conduct, or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists.
Provincial privacy laws
Alberta, British Columbia and Quebec have their own private-sector privacy laws that have been deemed substantially similar to PIPEDA. Organizations subject to a substantially similar provincial privacy law are generally exempt from PIPEDA with respect to the collection, use or disclosure of personal information that occurs within that province.
Ontario, New Brunswick, Nova Scotia and Newfoundland and Labrador have also adopted substantially similar legislation regarding the collection, use and disclosure of personal health information.
Information that crosses borders
All businesses that operate in Canada and handle personal information that crosses provincial or national borders are subject to PIPEDA, regardless of the province or territory in which they are based (including provinces with substantially similar legislation).
Federally regulated organizations
Federally regulated organizations that conduct business in Canada are always subject to PIPEDA. The Act also applies to their employees’ personal information.
These organizations include:
- airports, aircraft and airlines;
- banks and authorized foreign banks;
- inter-provincial or international transportation companies;
- telecommunications companies;
- offshore drilling operations;
- radio and television broadcasters;
NOTE: Organizations in the Northwest Territories, Yukon and Nunavut are considered federally regulated, and are therefore also covered by PIPEDA.
If you are not sure if your business is subject to PIPEDA, please consult “Find the right organization to contact about a privacy issue” on our website.
What is personal information?
Under PIPEDA, personal information includes any factual or subjective information, recorded or not, about an identifiable individual. This includes information in any form, such as:
- age, name, ID numbers, income, ethnic origin, or blood type;
- opinions, evaluations, comments, social status, or disciplinary actions;
- employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs);
What is not covered by PIPEDA?
There are some instances where PIPEDA does not apply. Some examples include:
- Personal information handled by federal government organizations listed under the Privacy Act
- Provincial or territorial governments and their agents
- Business contact information such as an employee’s name, title, business address, telephone number or email addresses that is collected, used or disclosed solely for the purpose of communicating with that person in relation to their employment or profession
- An individual’s collection, use or disclosure of personal information strictly for personal purposes (e.g. personal greeting card list)
- An organization’s collection, use or disclosure of personal information solely for journalistic, artistic or literary purposes
Unless they are engaging in commercial activities that are not central to their mandate and involve personal information, PIPEDA does not generally apply to:
- not-for-profit and charity groups;
- political parties and associations;
Municipalities, universities, schools, and hospitals are generally covered by provincial laws. PIPEDA may apply in certain situations.
Your responsibilities under PIPEDA
Businesses must follow the 10 fair information principles to protect personal information, which are set out in Schedule 1 of PIPEDA.
By following these principles, you will contribute to building trust in your business and in the digital economy.
The principles are:
- Identifying Purposes
- Limiting Collection
- Limiting Use, Disclosure, and Retention
- Individual Access
- Challenging Compliance
End of citation.