The federal government has officially recognized Alberta and British Columbia’s privacy legislation as being “substantially similar” to the federal Personal Information Protection and Electronic Documents Act (PIPEDA).
Industry Canada officially made the announcement on Nov. 3, though it had announced its intentions to recognize B.C.’s and Alberta’s legislation as substantially similar earlier this year.
The move means that organizations in B.C. and Alberta that are subject to either province’s private-sector privacy laws are exempt from PIPEDA. This exemption applies to the collection, use and disclosure of personal information within either province.
PIPEDA will continue to apply to the collection, use and disclosure of personal information related to the operations of a federal work, undertaking or business (including banks, airlines and telecommunications companies) in both provinces, as well as to the cross-border collection, use and release of personal information.
“Both Alberta and British Columbia have privacy legislation that is considered substantially similar to PIPEDA,” read a Industry Canada statement. “This helps ensure the existence of an effective national standard for privacy protection, which also meets accepted international norms. Clear, consistent rules for the protection of personal information increase consumer and business confidence in online commerce.”
PIPEDA came into full effect on Jan. 1, 2004. It applies to all personal information collected, used or disclosed by private-sector organizations in the course of commercial activity. (With the exception of British Columbia, Alberta and Quebec which have their own privacy legislation that has been deemed to be substantially similar to PIPEDA.) PIPEDA’s privacy provisions are based on the Canadian Standards Association’s Model Code for the Protection of Personal Information.
PIPEDA’s key provisions state:
•organizations are required to seek the consent of individuals prior to collecting, using or disclosing their personal information;
•organizations must protect personal information with security safeguards appropriate to the sensitivity of the information; and
•individuals may access personal information about themselves held by an organization and have it corrected, if necessary.
For more information about PIPEDA and privacy legislation, see the related articles listed below.