The Personal Information Protection and Electronic Documents Act (PIPEDA) governs how Canadian businesses manage the collection, use, and disclosure of personal information. It is a significant concern not only to commercial organizations but to their customers as well. This multi-part series is designed to help Canadian businesses better understand these laws, apply them to their organizations, and ensure compliance.
In this multi-segment series, we’ve explored PIPEDA and discussed how businesses may be affected, particularly in how they manage personal information. We’ve provided guidelines to help businesses determine whether they are compliant with the act and how they can become compliant. We’ve also covered ways a business can evaluate its cloud company to ensure that it is compliant, along with a checklist to guide the business through the process.
This fourth segment will explore provincial privacy laws in Canada. A business may find that, depending on what province it is in, it may be subject to additional provincial legislation. This is particularly true when it comes to health care, but it is absolutely vital when choosing a cloud service provider.
These laws apply to public bodies, which include crown corporations, local governments, hospitals, police forces, healthcare industry organizations, and schools. If you own or operate a business within one of the Canadian provinces, it is important to understand the specific laws that pertain to the management of personal information in that province. An overview and brief description of the provincial laws for each province are given below.
Provincial Privacy Laws of Note
Other Provinces and Territories
Other provinces and territories, such as Manitoba, Saskatchewan, Prince Edward Island, Newfoundland & Labrador, Yukon, Northwest Territories and Nunavut, do have their own privacy acts, but most of them are very close to PIPEDA, with very similar or identical laws. However, it is still important that businesses in these provinces and territories review the laws as well as PIPEDA to ensure that the organization is compliant.
Each Canadian province has its own privacy laws in place to protect its citizens. Some have more regulation than others while some simply fall right in line with PIPEDA. It is vital that you are aware of and understand the laws that are in your province, particularly those that pertain to your organization or business. You also need to know how these laws affect your organization or business. You need to know if your provincial laws allow your collected information to leave the province or leave the country – or if there are specific restrictions or authorizations that must be obtained.
No matter what laws your business is under, it is essential that you perform a complete evaluation of how, where, and by whom your data is stored, and whether those parties comply with all applicable laws. Just complying with the provincial laws is not enough; you still have to comply at the federal level (PIPEDA) as well. It is your responsibility to know how and where your data is handled. These laws are in place for a reason: to provide protection on the provincial level, where issues such as education and healthcare are handled. Compliance not only provides protection of privacy, it also provides consistency and order.