
What are my organization’s responsibilities under PIPA?

The Personal Information Protection Act (PIPA) sets out requirements for how organizations may collect, use, disclose and secure personal information. The following briefly describes your organization’s responsibilities under PIPA; see the legislation itself and the Guide to PIPA for more detailed information.

Consent to collect personal information
Get consent for collecting, using and disclosing an individual’s personal information, except where PIPA excuses consent (such as employee personal information reasonably needed for the employment relationship; in an emergency; for an investigation where consent would compromise the availability or accuracy of the information). Get consent in a form appropriate to the sensitivity of the personal information. If an individual modifies or withdraws consent, comply with the change. If an individual wants to withdraw consent, explain the consequences of withdrawal.

Collection of personal information
Collect personal information only for reasonable purposes and collect only as much as is reasonable for those purposes. Unless PIPA permits otherwise, collect personal information directly from the individual concerned and tell the individual how you will use and disclose the information at the time you collect it or before. 

Use and disclosure of personal information
Use and disclose personal information only for the purpose for which it was collected unless the individual consents, or if PIPA permits the new use or disclosure without consent.

Access to personal information
On request, provide an individual with information about the existence, use and disclosure of the individual’s personal information and provide access to that information unless PIPA excuses you from giving access in whole or in part. On request, and where satisfied on reasonable grounds, correct information that is inaccurate or incomplete. You may charge a minimal fee for responding to a request, but the fee should not be a barrier to access.

Accurate & complete personal information
Ensure that personal information you have is as accurate and complete as necessary for the purpose you use it for. Ensure it is secure. Keep it for only as long as reasonable for business or legal reasons.

Designate a Privacy Officer
Designate someone in your organization who is responsible for ensuring that your organization complies with PIPA. PIPA requires this.

Policy & Procedures
Develop policies and procedures that are necessary for your organization to meet its obligations under PIPA, as well as a complaint process respecting the application of PIPA, and make these available to individuals upon request. PIPA requires this.

Resolution of Complaints 
If someone complains about your organization’s management of personal information, attempt to resolve the complaint in good faith and quickly.


OIPC Copyright 2004