The Personal Information Protection and Electronic Documents Act (PIPEDA) and what type of data it covers, how to comply with the act’s new data breach notification rules and our series on the fundamentals of information security.
The Personal Information Protection and Electronic Documents Act (PIPEDA) refers to the federal privacy law for private sector organizations across the provinces of Canada.
The Act originally went into effect on April 13, 2000 to encourage trust in electronic commerce has been expanding as it includes the industries like banking, broadcasting and the health sector.
The purpose of the law as per the legislation is to govern the collection, use and disclosure of the personal information in such a way that it acknowledges the right to privacy of many individuals along with the respect to their personal information and also the need of all the organizations to procure, use and disclose the information which is personal and crucial for the purposes that a responsible person would consider appropriate in the circumstances.
Under PIPEDA, similar to the European Union’s General Data Protection Regulation – Individuals have the right to access all the personal information which remains in the same organization and we must know who is responsible for collecting it and why it has been collected, and to make up the challenges in its accuracy.
The most important aspect of PIPEDA is the fact that in practicality it is made and designed in such a way that it is designed to remain in Canada’s notification and its requirements which is continuously rational with the trading partners majorly European Union (EU).
PIPEDA has been deployed to deliver the required level of privacy and security protection to the EU which permits for the free flow of personal information from the European Union to all the canadian organizations.
The regulatory impact and its impact examination statement which gets published by the Canadian government in the year 2017.
The Act also requires organizations to acquire an individual’s consent either it gets expressed, implied and deemed – to procure, use and even disclose the information which is beyond what is required to attain the specific and legitimate purposes.
Let’s trace back the history
All the individuals even give into the fact that PIPEDA along with all the addition to ensure that the organizations collect, use and even disclose the personal information in such a manner that it remains consistent with the Act and even it permits for the creation of all the electronic alternatives for doing business with all the government agencies, facilitating the use of electronic documents in all the judicial proceedings and for giving legal recognition to all the electronic versions of all the official parliamentary publications.
PIPEDA allows Electronic Documents which pursue delivery for the use of electronic alternatives where all the federal laws examine the use of paper to make the record or communicate the information and even transactions.
In a layman language it means that Part 2 of the PIPEDA Act pursues to lay down on an equal footing. Part 2 of the Act even ensures that all the federal legislation alters the growing electronic environment by removing paper only requirements which appear in the legislation.
Part 2 of the Act however is not even preventive and organizations may opt in. The suitable command in charge can make a choice whether to frame policies about how the requirements under part 2 may get satisfied using the electronic means.
Part 2 also properly describes the characteristics of all the secure electronic signatures and even grants the authority which makes the policies that prescribes technologies and even processes for the purpose of defining secure electronic signatures. Before a technology or process can be prescribed:
The electronic signatures must be made unique to the person who keeps on using it.
The person whose electronic signature is made on the document must be in control of the use of all the technology which attaches the signature.
The technology must be used to make proper classification of the person using the electronic signatures.
The electronic signature must be associated with the electronic document to regulate whether the document has undergone some changes or not and whether the electronic signature has been attached to it or not.
Part 3 of PIPEDA make some amendments in the Canada Evidence Act which makes it more smooth for the admissibility of all the electronic documents in court which helps in establishing evidentiary assumptions which are related to secure all the electronic signatures and to deliver such evidences in courts which works as evidence of notices, acts and even other documents which are in the electronic forms.
Part 3 even requires and keeps into use secure electronic documents whenever the law delivers original documents or for all the statements where truth is required.
Part 4 makes the amendments in the statutory instruments Act to provide the notices and even acts which get published electronically by the Queen’s printer of the same legal authority just in the same manner how notices and acts get published in the paper form.
Finally in the last part it amends the Statute Revision Act to sanctions the publication and even the distribution of an electronic version of the consolidated statutes and even regulations of Canada and provides official status to all the electronic versions of revisions of the policies and procedures of Canada and even the consolidated versions of the rules, statutes and even the regulations.
PIPEDA and all such laws are framed to secure and manage the electronic versions of the crucial documents which are related to the healthcare and medical data of the individuals.
Such an Act will create less trouble for both the parties whether it is patients, physicians or the healthcare industry giants.
PIPEDA compliance will provide better facilities for all the individuals across the healthcare organizations at large.