Table of Contents Table of Contents
Previous Page  14 / 16 Next Page
Show Menu
Previous Page 14 / 16 Next Page
Page Background

P e r s o n a l I n f o r m at i o n

Under PIPEDA, personal information

includes your:

name, race, ethnic origin, religion,

marital status, educational level

e-mail address and messages, IP

(Internet protocol) address

age, height, weight, medical records,

blood type, DNA code, fingerprints,


income, purchases, spending habits,

banking information, credit/debit card

data, loan or credit reports, tax returns

Social Insurance Number (SIN) or other

identification numbers.

C o m p l a i n t s t o t h e

P r i va c y C o mm i s s i o n e r

If you think an organization covered by

PIPEDA is not living up to its obligations, it

is important to try to address your concerns

directly with the organization.

Issues can often be resolved very quickly by

speaking with the right person.

You should try to resolve the matter with the

help of the person responsible for privacy

within the organization. In larger companies,

this individual is often called the privacy


F a i r I n f o r m at i o n P r i n c i p l e s

PIPEDA sets out 10 principles of fair information practices,

which set up the basic privacy obligations under the law.

They are:


Accountability -

Organizations should

appoint someone to be

responsible for privacy

issues. They should make

information about their

privacy policies and

procedures to available to



Identifying purposes -

Organization must identify

the reasons for collecting

your personal information

before or at the time of



Consent -


should clearly inform you

of the purposes for the

collection, use or disclosure

of personal information.


Limiting collection -

Organizations should limit

the amount and type of the

information gathered to

what is necessary.


Limiting use, disclosure

and retention -

In general,

organizations should use

or disclose your personal

information only for the

purpose for which it was

collected, unless you

consent. They should keep

your personal information

only as long as necessary.


Accuracy -


should keep your personal

information as accurate,

complete and up to date as



Safeguards -


need to protect your

personal information

against loss or theft by

using appropriate security



Openness -


organization’s privacy

policies and practices must

be understandable and

easily available.


Individual access -

Generally speaking, you

have a right to access the

personal information that

an organization holds about



Recourse (Challenging

compliance) -

Organizations must

develop simple and easily

accessible complaint

procedures. When you

contact an organization

about a privacy concern,

you should be informed

about avenues of recourse.

For more detailed information

about the Fair Information

Principles, please see our guide

for businesses, Your Privacy

Responsibilities, which is

available on our website.