In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) is the federal privacy law for private-sector organizations. PIPEDA outlines the rules that businesses must follow when handling personal information for commercial purposes.
PIPEDA includes private health-care and nutrition practices within the scope of private-sector organizations. Personal information is defined in PIPEDA as
- any data about an identifiable individual, excluding the name, title, business address, or work telephone number of an individual who is an employee of an organization.
PIPEDA grants privacy rights to individuals and imposes privacy obligations on organizations.
As an individual, PIPEDA grants you the right to:
- Have your personal data collected, handled, and disclosed by organizations only in an agreed-upon, reasonable way.
- Not have your personal information (held by an organization) disclosed without prior consent.
- Always know the reasons behind an organization storing or using your personal information.
- Have access to your personal information when it is stored by an organization.
- Ask for your personal details to be amended (if incorrect) by the organization holding this data.
- Expect organizations to have the appropriate security procedures in place to ensure the safety of your personal information.
- Expect organizations to hold accurate records regarding your personal information.
In the case of organizations, PIPEDA sets the following obligations:
- To not collect, use, or disclose any personal information without prior consent from the individuals concerned
- To abide by the law when collecting personal information
- To collect personal information only when appropriate and reasonable
- To have reasonable and clear privacy policies in place detailing how the organization protects each individual's personal information
- To make sure that the relevant security procedures are in place to ensure personal information is safe
Regional Canadian Laws
In addition to PIPEDA, Canada has other privacy laws governing the different provinces of the country:
- Quebec – An Act Respecting the Protection of Personal Information in the Private Sector
- Ontario – Personal Health Information Protection Act
- Alberta – Personal Information Protection Act (PIPA)
- New Brunswick – Personal Health Information Privacy and Access Act
- Newfoundland and Labrador – Personal Health Information Act
- British Columbia – Personal Information Protection Act
Each province's legislation applies when individuals and organizations operate within that province's borders.
PIPEDA does not apply within the six provinces listed above, because their legislation has been declared substantially similar to PIPEDA, unless the personal information involved crosses the borders of that province (or the borders of Canada).
In the remaining provinces, PIPEDA may apply if their regional legislation has not been declared substantially similar to PIPEDA.
How does NutriAdmin comply with Canadian law?
Here at NutriAdmin, we have a variety of technical safeguards and processes in place. These ensure that we, as a software provider, comply with the Canadian privacy laws outlined above, and they enable you, as a user of the software, to abide by the law.
Our privacy and security practices involve:
- Secure hosting
- Account Access
- Data encryption in transit
- Data encryption at rest
- Private emails
- Secure firewall
- Secure infrastructure
For more details on our security measures at NutriAdmin, please see our page on HIPAA and HITECH compliance at NutriAdmin.
In terms of cloud hosting and data storage, NutriAdmin's servers and databases are located in Europe. PIPEDA and the Canadian regional laws do not require organizations to host their data within Canada.
Your responsibilities as a NutriAdmin user
In order to comply with Canadian privacy laws, you have the following obligations:
- To obtain consent from your clients to handle their personal information
- To comply with the privacy laws of your country and province
- To protect your clients' personal information and handle it with care
- To not disclose your clients' personal information unless acting within the applicable law
- To train yourself and your employees with regard to privacy law to ensure you comply with applicable regulations
This content is intended for informational purposes only. It does not constitute legal advice and may be updated or amended at any time. You should always seek professional legal advice where necessary to ensure you comply with PIPEDA and the other Canadian laws in your specific case.