|
|
|
Privacy
and
PIPEDA/PHIPA
Homepage
|
PIPEDA
sounds like a mythical creature, but the Personal Information
Protection and Electronics Document Act (the “Act”)
is slowly becoming a part of our daily lives. Unlike the Privacy
Act and the Access to Information Act, PIPEDA compels any organization
engaged in commercial activity to establish a privacy policy so
that consumers will know in advance how their personal information
will be collected, used and disclosed.
PIPEDA was brought into force in three stages. The first part
of the Act was in force on January 1, 2001 and applies to federally-regulated
works or undertakings engaged in commercial activity. The second
phase, in force in January 1, 2002 applies to personal health
information that is collected, used or disclosed by federally-regulated
works or undertakings. The third and final phase has been in force
since January 1, 2004 and it expands the Act to apply to all organizations
engaged in commercial activity.
PIPEDA operates in each province that does not have “substantially
similar legislation.” Since December 2004 the Federal Government
has deemed the privacy legislation in Quebec, Alberta and British
Columbia as “substantially similar” to PIPEDA. Accordingly
PIPDEA is not enforceable on local provincial businesses in those
provinces but it will remain in effect as it relates to federal
works and undertakings.
In 2004, Ontario enacted the Personal Health Information
Protection Act (PHIPA) to establish
rules for the collection, use and disclosure of personal information
related to health care. PHIPA also provides individuals a right
to access, correct or amend their personal health information
held by health organizations and to provide individuals with a
method to resolve complaints for contravention’s under the
Act. The Federal government has not reviewed PHIPA to see if it
meets the “substantially similar” criteria. If PHIPA
is declared substantially similar to PIPEDA, then it will replace
PIPEDA insofar as it relates to health information. |
|