What privacy obligations do self-employed Canadians have under PIPEDA?
The Personal Information Protection and Electronic Documents Act (PIPEDA) is Canada's federal private-sector privacy law. It applies to businesses that collect, use, or disclose personal information in the course of commercial activity — including many self-employed individuals. **Who must comply:** If you collect personal information from clients or customers (names, addresses, payment details, health information), PIPEDA likely applies to your business, regardless of size. **Core PIPEDA principles:** - **Accountability**: Designate someone (yourself, as a sole proprietor) responsible for privacy compliance - **Consent**: Obtain meaningful consent before collecting personal information - **Limited collection**: Only collect information you actually need - **Purpose limitation**: Use information only for the purpose it was collected - **Retention**: Only keep personal information as long as necessary - **Security**: Protect personal information using appropriate security safeguards - **Access**: Individuals can request access to their personal information you hold **Provincial equivalents:** British Columbia, Alberta, and Quebec have their own substantially similar private-sector privacy laws. In Quebec, Law 25 (previously Bill 64) has significant additional requirements. Note: PIPEDA does not apply to personal information collected for personal or household use (e.g., your own personal contacts list).
- PIPEDA applies to most self-employed Canadians who handle client data
- Obtain meaningful consent before collecting personal information
- Only collect, use, and retain data for the stated purpose
- BC, AB, and QC have their own substantially similar provincial privacy laws
- Quebec's Law 25 has stricter requirements including mandatory Privacy Impact Assessments