Personal Information Protection & Electronic Documents Act (PIPEDA)

Written by Namrata Sengupta. Updated on Feb 18, 2021.

The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian law for protecting the privacy of citizens. PIPEDA governs how private-sector and federal organizations in Canada collect, use, and disclose personal information (PI) during commercial activity, in a way that upholds and recognizes the individual's right to privacy. The Act requires organizations to seek the individual's consent for collecting, using, or disclosing information beyond its explicitly defined and justified purpose. It gives individuals the right to access the personal information an organization has collected about them, to know who is responsible for collecting the data and why, and to challenge the accuracy of that data.

PIPEDA was originally implemented on April 13, 2000, to develop trust in electronic commerce, and came into full force in 2004. It later expanded to include industries such as healthcare, airlines, broadcasting, telecommunications, transportation, and banking. A key aspect of PIPEDA is that it is designed to keep Canada's notification requirements consistent with those of the European Union, a trading partner of Canada. Further, as per section 29 of PIPEDA, Part I of the Act, i.e. "Protection of Personal Information in the Private Sector", must be reviewed by Parliament every 5 years.

Laws Similar to PIPEDA in Canada

Provincial privacy laws similar to PIPEDA in Canada are:

  • Quebec – An Act Respecting the Protection of PI in the Private Sector
  • Alberta – Personal Information Protection Act ("PIPA")
  • British Columbia – Personal Information Protection Act ("PIPA")

Organizations in Canada that comply with similar provincial privacy laws are exempt from compliance with PIPEDA for the collection, use, or disclosure of personal information that occurs within that province.

What is the Key Purpose of PIPEDA?

The main objective of PIPEDA is to ensure that personal information is collected, stored, and shared in ways that respect the fundamental right to privacy. Since several organizations use personal information to connect with their customers and help provide better services, it is important to ensure that personal information is kept private and confidential.


Who Must Comply with PIPEDA?

PIPEDA applies to organizations that fall into the Federal Work, Undertakings, and Businesses (FWUB) category. As per the Office of the Privacy Commissioner of Canada, FWUBs include:

  • Banks
  • Radio and television stations
  • Inter-provincial trucking
  • Airports and airlines
  • Navigation and shipping by water
  • Telecommunication companies such as internet service providers, phone (cellular or landline companies), cable companies
  • Railways, canals, pipelines, ferries, etc. that cross borders

Organizations that are not an FWUB but deal in commercial activities that involve the flow of personal information or operate in a province that doesn't have a similar privacy law also fall in the ambit of PIPEDA.

What is the Territorial Reach of PIPEDA?

PIPEDA is a federal law that applies to personal information held by private businesses in:

[Figure: Territorial reach of PIPEDA]

What Is 'Personal Information (PI)' Under PIPEDA?

According to PIPEDA, personal information (PI) is information about an identifiable individual, which comprises any factual or subjective information. Personal information can include the following:

  • Name, age, ID numbers including driver's license, social insurance, passport
  • Race, national or ethnic origin, religion
  • Relationship or marital status
  • Medical, education, or employment history
  • Financial information
  • DNA
  • Information, evaluations, comments, or opinions about the individual as an employee

What are the Guiding Principles of PIPEDA?

PIPEDA provides businesses with guiding principles to protect personal information and strengthen trust in the digital world. The key principles that help organizations attain PIPEDA compliance include:

    a) Accountability: Every organization is responsible for personal information under its control. It must assign a designated Privacy Officer to ensure the organization's compliance with PIPEDA.

    b) Identifying Purposes: The organization needs to identify the purposes for which personal data is being collected before or at the time of collection.

    c) Consent: An individual's consent is required for the collection, use, or disclosure of personal information. A few exemptions may apply to this principle, such as situations where legal, medical, or security reasons make seeking consent impractical or impossible.

    d) Limiting Collection: Information should be collected as per the purpose identified by the organization and should be collected by fair and lawful means.

    e) Limiting Use, Disclosure, and Retention: Personal information must be retained only as long as required for the purpose identified. Unless the individual consents otherwise or it is required by law, the information can only be used or disclosed for the specific purposes for which it was collected.

    f) Accuracy: Personal information must be as complete, precise, and up to date as possible to properly satisfy the purposes for which it is collected.

    g) Safeguards: Personal information must be protected against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification with the help of appropriate security measures.

    h) Openness: Organizations must provide comprehensive information about their policies and practices regarding the management of personal data.

    i) Individual Access: Upon request, an individual must be provided information on the existence, use, and disclosure of their personal information. They shall also be provided access to that information. An individual shall also be able to challenge the correctness and completeness of the information and have it changed as appropriate.

    j) Challenging Compliance: An individual can challenge the organization's compliance based on PIPEDA's principles and convey their challenge to the Privacy Officer in charge of the company's PIPEDA compliance.

PIPEDA: Fines and Penalties

A fine of up to $100,000 per violation may be levied on organizations that knowingly violate PIPEDA guidelines for proactive data security safeguards, data breach reporting, and keeping data breach records.

Criminal Offences under PIPEDA

The main purpose of PIPEDA is to create a good-faith agreement to protect personal information. Most PIPEDA complaints are resolved effectively, with positive results for both the business and the complainant. However, PIPEDA clearly states three instances that may constitute a criminal offense and may lead to criminal prosecution:

    a) Purposefully destroying data or information after receiving a request to review it

    b) Retaliatory behavior against employees who tried to follow PIPEDA

    c) Hampering the investigation after a complaint has been lodged

Data Erasure – Technology to Help Attain PIPEDA Compliance

Data erasure can support the 'retention' and 'safeguard' aspects of handling personal information to attain compliance with PIPEDA. Data erasure technology is based on overwriting the existing data with binary patterns to secure it from a breach. It can serve as a failsafe method for permanently removing personal information once the specified retention period is over, ensuring compliance with PIPEDA guidelines. Further, erasing sensitive data secures it from theft, unauthorized access, disclosure, copying, use, or modification, thus fulfilling the Safeguards principle for personal data in line with PIPEDA.

BitRaser, a professional data erasure software, can permanently remove (erase) data as per international standards, thus guarding it against breach or unauthorized use. The tool also generates tamperproof reports and certificates of erasure to prove compliance with the data privacy norms of PIPEDA.
