The Canada Personal Information Protection and Electronic Documents Act (PIPEDA), which became effective on January 1, 2001, is a comprehensive data protection law. PIPEDA is similar to GDPR as it operates on principles encompassing accountability, collection and use limitation, accuracy, security and transparency. Unlike GPDR, PIPEDA applies to commercial "organizations" without distinguishing between controller and processors. Additionally, PIPEDA includes the individual rights of access and correction.
PIPEDA applies to:
The law is currently under review for modernization. For more information on PIPEDA, please click here.
IBM has implemented a process to review all its products, offerings and services against PIPEDA requirements. IBM believes that its standard technical and organization measures, in combination with IBM DPA, are sufficient security measures to meet the requirements of Canada’s PIPEDA.
The IBM DPA can be found on the IBM Terms site.