Canada’s data privacy law, the Personal Information Protection and Electronic Documents Act, or PIPEDA, governs how private Canadian companies are responsible for the collection, use and disclosure of personally identifiable information (PII) during the course of their regular business activities. PIPEDA fist came into law in 2000 and must be reviewed by parliament every 5 years. The last update to PIPEDA came into law on November 1, 2018, and for the first time, it included regulations for disclosing a cyber security breach.
