No respect for PIPEDA.

Author:Swartz, Nikki
Position:UP FRONT

A new study has found widespread non-compliance with the Personal Information Protection and Electronic Documents Act ("PIPEDA"), Canada's principal privacy legislation. The April 2006 survey, "Compliance with Canadian Data Protection Laws: Are Retailers Measuring Up?" conducted by the Canadian Internet Policy and Public Interest Clinic (CIPPIC) revealed non-compliance with federal laws requiring openness, accountability, consent, and individual access to personal data.


PIPEDA was introduced in 2001 to protect Canadians from the inappropriate collection, use, and disclosure of their personal data by organizations in the course of commercial activities. Five years later, according to the survey, it is not clear to what extent organizations are in fact respecting the legislation.

The survey assessed 64 online retailers for compliance with the PIPEDA requirements for openness, accountability, and consent. Seventy-two online and offline retailers were also assessed for compliance with the PIPEDA requirement for individual access. The results indicate widespread non-compliance in all four areas.

While almost all companies assessed (94 percent) had a privacy policy and were aware of the need to respect customer privacy, many failed to fulfill even basic statutory requirements such as providing contact information for their privacy officers, dearly stating what they do with consumers' personal information, and responding to access to information requests.


To continue reading