PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA)

Organizations covered by Canada’s PIPEDA must generally obtain an individual's consent when they collect, use or disclose
that individual's personal information. People have the right to access their personal information held
by an organization. They also have the right to challenge its accuracy.


Personal information can only be used for the purposes for which it was collected. If an organization is going to use it for another purpose, they must obtain consent again. Personal information must be protected by appropriate safeguards.

  • ESPO Systems

    "PIPEDA, while similar to the EU initiative GDPR, is different in that it adds a challenge for businesses security to locate and secure private data. Therefore, just as ESPO Systems’ Forcepoint DLP Rules form an integral part of a client’s GDPR Procedures, we leverage PII Rules to ensure PIPEDA Compliance."