In 2002, the requirements imposed by PIPEDA will extend to encompass all personal health information. PIPEDA will ultimately extend to the collection, use, or disclosure of all personal information in the course of any commercial activity within a province in 2004. This change in Canadian law carries significant consequences for the general business practices of American companies that conduct, or may conduct, business with Canadians. It is therefore crucial for lawyers with clients collecting personal data on- and offline to familiarize themselves with its requirements in order to counsel clients effectively about their current and future obligations under this privacy legislation.
Toward that end, this Article provides a descriptive review of PIPEDA, paying particular attention to the requirements it imposes on American businesses that collect Canadians' personal information. As a backdrop for discussion of PIPEDA, Section II briefly sketches the protections of consumer privacy currently provided in the United States, the European Union ("E.U."),and Canada (prior to enactment of PIPEDA). Section III provides an in-depth discussion of the history, terms, and enforcement scope of PIPEDA, paying special attention to the implications of its provisions for American businesses. Lastly, Section IV suggests specific business processes that American businesses should adopt to be in compliance with the Act.
Juliana M. Spaeth, Mark J. Plotkin, and Sandra C. Sheets,
Privacy, Eh! The Impact of Canada's Personal Information Protection and Electronic Documents Act on Transnational Business,
4 Vanderbilt Journal of Entertainment and Technology Law
Available at: https://scholarship.law.vanderbilt.edu/jetlaw/vol4/iss1/3