Compliance with the Personal Information

Protection and Electronic Documents Act

On January 1, 2001, Part I of the Personal Information Protection and Electronic Documents Act,

S.C. 2000, c. 5 (“PIPEDA”) came into force. PIPEDA, which was designed to ensure that Canadians

will have protection for personal information held by the private sector, was to be implemented in

three phases over three years. The final phase of implementation began on January 1, 2004.

Presently, PIPEDA applies to every organization across Canada that collects, uses or discloses

personal information in the course of commercial activities within a province and to all interprovincial

and international flows of personal information.

Unlike comparable legislation in the United States, PIPEDA is omnibus legislation that applies all

across the country. If a province enacts private sector privacy legislation that is found to be

substantially similar to PIPEDA, it means that an organization, a class of organizations, an activity

or a class of activities to which the legislation applies is exempt from the application of PIPEDA in

respect of the collection, use or disclosure of personal information that occurs within that province.

If a province enacts private sector privacy legislation that is not found to be substantially similar to

PIPEDA, the provincial law will remain operative but effective January 1, 2004, it will operate

concurrently with the federal law. With one exception, the federal provisions will take precedence to

the extent of any inconsistency and all organizations carrying out commercial activities will have to

comply with the provisions of PIPEDA. PIPEDA will continue to apply to flows of personal

information across provincial borders.