What are the Privacy Law obligations that organizations in Ontario are required to comply with?
Organizations that deal with personal information in the course of their commercial activities must consider the application of the Personal Information Protection and Electronic Documents Act (PIPEDA). The term “commercial activity” is defined as “as any particular transaction, act or conduct or any regular course of conduct that is of a commercial character.” PIPEDA requires organizations to comply with a series of rules based on 10 principles i.e. (1) accountability, (2) identifying purposes, (3) consent, (4) limiting collection; (5) limiting use, disclosure and retention, (6) accuracy, (7) safeguards, (8) openness, (9) individual access and (10) challenging compliance. The Office of the Privacy Commissioner oversees the enforcement of PIPEDA