Privacy Legislation - Canada & Manitoba
Canada's Privacy Legislation - PIPEDA
Canadian businesses and organizations are required to follow the guidelines set out in the Personal Information Protection and Electronic Documents Act (PIPEDA.) This privacy legislation is designed to protect personal information about an identifiable individual. How you manage personal information and how you dispose of it is covered under this act. Please click here to see the Phoenix PIPEDA Fact Sheet and learn more about PIPEDA and your obligations under this act. View the entire PIPEDA Act. View the "Guide for Businesses and Organizations" for PIPEDA.
The Personal Health Information Act - PHIA
The Personal Health Information Act was enacted in 1997 to ensure individual access to, and privacy of, personal health information maintained by health care providers, government and local public bodies. PHIA provides people with the right to:
- access their personal health information, and
- have their personal health information kept private when that information is held by a health care provider, health care facility or public body (referred to in the Act as "trustees").
The Freedom of Information and Protection of Privacy Act - FIPPA
The Freedom of Information and Protection of Privacy Act (FIPPA) provides a right of access to information in records held by public bodies. With certain exceptions, you may see and obtain copies of records from Manitoba government departments, government agencies, local governments, school divisions, universities and colleges, regional health authorities, and other local public bodies.
FIPPA also protects your personal information. It establishes rules for the collection, use and disclosure of personal information by public bodies. It gives you the right to access your own personal information and to correct any information that public bodies hold about you.
Upcoming Manitoba Legislation
The Personal Information Protection and Identity Theft Prevention Act (PIPITPA)
PIPITPA is the upcoming Manitoba Privacy Legislation with rules around the collection, use and disclosure of personal information. The act will cover employee information as well. PIPITPA contains "Breach Notification" which will obligate an organization to notify an individual directly if their personal information has been lost, accessed or disclosed without authorization.
PIPITPA was passed and received Royal Assent in September 2013. The Act is awaiting proclamation.