In accordance with section 29 of PIPEDA, Part I of the Act ("Protection of Personal Information in the Private Sector") must be reviewed by Parliament every five years.
[4] PIPEDA incorporates and makes mandatory provisions of the Canadian Standards Association's Model Code for the Protection of Personal Information, developed in 1995.
Under the Act, personal information can also be disclosed without knowledge or consent to investigations related to law enforcement, whether federal, provincial or foreign.
Finally in 2004, any organization that collects personal information in the course of commercial activity was covered by PIPEDA, except in provinces that have "substantially similar"[8] privacy laws.
As of October 2018, seven provinces have privacy laws that have been declared by the federal Governor in Council to be substantially similar to PIPEDA:[9] Notable provisions of PIPA:[16] The Personal Health Information Protection Act, known by its acronym PHIPA (typically pronounced 'pee-hip-ah'), established in 2004, outlines privacy regulations for health information custodians in Ontario, Canada.
[17] The Personal Health Information Protection Act serves three important functions: On June 18, 2015, the Digital Privacy Act (Senate Bill S-4[18]) became law, amending the PIPEDA[19] to include a business transaction exemption, mandatory breach notification requirements, enhanced powers for the Privacy Commissioner, and various other updates.
The PIPEDA sets out ground rules for how private sector organizations may collect, use or disclose personal information in the course of commercial activities.
[citation needed] PIPEDA provides, at section 14, the complainant the right to apply to the Federal Court of Canada for a hearing with respect to the subject matter of the complaint.