Following 9/11, US government quickly moved to put in place legislation which would allow the government and security officials quick and limitless access into data banks containing personal information with the intent of being able to identify terrorists. This act is known as the Patriot Act. In Canada, there is an act known as PIPEDA, (Personal Information Protection and Electronic Documents Act) which governs the collection, use or disclosure of personal information collected through commercial activity.
What many Canadians may not be aware of is that many of the data banks that are used to store personal Canadian information ranging from financial to health data is kept in data banks in the US, where the Patriot Act takes precedent over the Canadian privacy act PIPEDA.
Some pieces of information such as a phone number or address are inconsequential, as they already appear in many easy to access directories, but there are pieces of information that you may wish to keep private for good reason. Many serious and detrimental consequences can occur from the illicit use of personal information. Identity theft, health information leaked, financial disclosures are some examples of information that Canadians are concerned about keeping secure and private.
PIPEDA is based on balancing individuals' right to the privacy of personal information with the need of organizations to collect, use, or disclose personal information for legitimate business purposes. The Act also established the Privacy Commissioner of Canada as the ombudsman for privacy complaints.
PIPEDA applies to the Canadian private sector/organizations who collect, use or disclose personal information in the course of commercial activities.
This Act is divided into five parts. Part One outlines the ground rules for managing personal information in the private sector. Parts Two through Five concern the use of electronic documents and signatures as legal alternatives to original documents and signatures.
PIPEDA is a consent-based Act, meaning that you must have consent to collect, use or disclose information. The Privacy Act is authority-based, meaning that you must ensure that you have the legal authority to collect, use or disclose information.
The Act is being released in a series of stages, each corresponding with what the Act will cover in terms of personal information. Stage One began in January, 2001. Stage Two began January 1, 2002 and the final stage occurs on January 1, 2004.