An Overview of PIPEDA

The Personal Information Protection and Electronic Documents Act (a.k.a. PIPEDA) is the federal privacy law for private-sector organizations in Canada. Generally, PIPEDA dictates how and when an organization collects, uses, and discloses the personal information of Canadian citizens.

Similar to the European Union's General Data Protection Regulation (GDPR), Canadian citizens maintain the right to access personal information held by an organization, know why the information was collected, and challenge the accuracy of the information.

As an organization, in order to comply with PIPEDA, you must:

  • Report breaches involving the loss of personal information
  • Notify affected individuals about those breaches
  • Notify other organizations affected by those breaches
  • Track and keep lost records for 24 months
  • Follow additional procedures, outlined here

Additionally, this must all be done “as soon as feasible after [it’s] determined that a breach of security safeguards involving a real risk of significant harm has occurred.” (PIPEDA)

Coalition’s Coverage for PIPEDA

Thankfully, Coalition is here to help you understand how to comply with PIPEDA and help you respond to potential and actual violations. By default, Coalition’s comprehensive cyber insurance policy covers security failures and data breaches requiring compliance with PIPEDA, and our policy will respond by paying breach response costs, claim expenses, and any resulting damages.

Similarly, Coalition’s policy responds by paying on your behalf for claim expenses and regulatory penalties from a regulatory proceeding arising from a security failure or data breach. This includes the alleged violation of PIPEDA.

Finally, Coalition offers enhanced coverage which includes affirmative coverage for claims arising from an alleged PIPEDA violation that is not caused by a security failure or data breach. This enhanced language also covers allegations brought against the insured for failing to comply with PIPEDA and with their own privacy policy.

More specifically, the coverages address certain aspects of PIPEDA that are also addressed in an insured’s privacy policy regarding:

  • Prohibition or restriction regarding disclosure, sharing, or selling of personal information
  • The insured’s policy regarding giving access to personal information or to amend or change personal information after a request is made by the individual
Did this answer your question?