PIPEDA Compliance
Pandectes GDPR Compliance helps Shopify Stores comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) by scanning them and identifying the cookies and tracking technologies in use. The scan generates a report that classifies these technologies based on regulatory guidelines and provides options for updates to ensure compliance with PIPEDA.
What is PIPEDA?
The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian federal privacy law that governs how organizations collect, use, and disclose personal information in the course of commercial activities. It applies to all private sector organizations engaged in commercial activities, and sets out the rules for how personal information should be handled. It establishes principles such as obtaining meaningful consent for the collection, use and disclosure of personal information, providing individuals with access to their personal information, and protecting personal information through appropriate security measures. PIPEDA also requires organizations to report data breaches to affected individuals and the Privacy Commissioner of Canada, as well as to implement policies and procedures to protect personal information. PIPEDA applies to all provinces and territories of Canada, with the exception of Quebec, British Columbia, and Alberta, which have their own private sector privacy laws that have been deemed substantially similar to PIPEDA.
Who does the PIPEDA apply to?
The PIPEDA applies to organizations engaged in commercial activities across Canada. This includes private sector companies, not-for-profit organizations, and federal works, undertakings, and businesses.
What happens if I don't comply with the PIPEDA?
Failing to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) can result in various penalties and enforcement actions, such as:
Administrative Monetary Penalties (AMPs): Organizations can be ordered to pay AMPs of up to $10,000 for each violation of the Act.
Compliance Orders: The Privacy Commissioner of Canada can issue compliance orders requiring organizations to take specific actions to come into compliance with PIPEDA.
Public findings: the Privacy Commissioner of Canada can issue public findings of non-compliance and make recommendations for organizations to take specific actions to come into compliance with PIPEDA.
Court action: The Privacy Commissioner of Canada may refer a matter to the Federal Court for further action if an organization does not comply with a compliance order or with the findings of a Commissioner.
Reputational Damage: Non-compliance with PIPEDA can also result in reputational damage to an organization, as it may be perceived as not being trustworthy with personal information.
It’s important to note that PIPEDA compliance is not only about avoiding fines and penalties, but also about protecting people’s personal information and respecting their rights.