Privacy is a complex area of the law with growing importance in the lives of Albertans. Determining which legislation applies to a particular organization can involve complex legal questions.
Many business organisations and small business owners are uncertain about what ‘privacy law’ involves and what they must do to comply with it. This confusion is not surprising, because there are four different privacy laws that apply in Alberta:
- The Personal Information Protection and Electronic Documents Act (PIPEDA);
- The Privacy Act;
- The Personal Information Protection Act (PIPA); and
- The Freedom of Information and Protection of Privacy Act (FOIPP).
Each of these privacy laws applies to a different category of organisations collecting or possessing information:
- PIPEDA applies to federally-regulated private organisations.
- PIPA applies to provincial private organisations.
- FOIPP applies to provincial government organisations. None of these statutes apply to private individuals gathering and using information for personal or domestic purposes.
- The Privacy Act applies to federal government organisations.
In general, private businesses are regulated by either PIPA or PIPEDA.
Both PIPA and PIPEDA regulate the collection, use, and disclosure of personal information about individuals. In most cases, the laws require consent from the person whose information is being gathered or used. In a business context, “personal information” often means information about customers or information about employees. However, these laws may govern other kinds of information, because they apply to other types of information used in connection with a business activity.
If you are unsure which law governs your business, and how those laws affect your business practices, Walsh LLP’s Business Law and Corporate Law group would be happy to assist you. If you have questions or concerns about your rights or obligations under privacy law, please contact us.