An Overview of PIPEDA
The Personal Information Protection and Electronic Documents Act (a.k.a. PIPEDA) is the federal privacy law for private-sector organizations in Canada. Generally, PIPEDA dictates how and when an organization collects, uses, and discloses the personal information of Canadian citizens.
Similar to the European Union's General Data Protection Regulation (GDPR), Canadian citizens maintain the right to access personal information held by an organization, know why the information was collected, and challenge the accuracy of the information.
As an organization, in order to comply with PIPEDA, you must:
- Report breaches involving the loss of personal information
- Notify affected individuals about those breaches
- Notify other organizations affected by those breaches
- Track and keep lost records for 24 months
- Follow additional procedures, outlined here
Additionally, this must all be done “as soon as feasible after [it’s] determined that a breach of security safeguards involving a real risk of significant harm has occurred.” (PIPEDA)
Coalition’s Coverage for PIPEDA
Thankfully, Coalition is here to help you understand how to comply with PIPEDA and help you respond to potential and actual violations. By default, Coalition’s comprehensive cyber insurance policy covers security failures and data breaches requiring compliance with PIPEDA, and our policy will respond by paying breach response costs, claim expenses, and any resulting damages.
Similarly, Coalition’s policy responds by paying on your behalf for claim expenses and regulatory penalties from a regulatory proceeding arising from a security failure or data breach. This includes the alleged violation of PIPEDA.
- Prohibition or restriction regarding disclosure, sharing, or selling of personal information
- The insured’s policy regarding giving access to personal information or to amend or change personal information after a request is made by the individual