Bill 38, the Personal Information Protection Act (“PIPA”), which was introduced in the BC Legislature last April, received Royal Assent on October 23, 2003. It will come into force on January 1, 2004.
PIPA defines the types of personal information that businesses, non-profit organizations and charities can collect from clients, customers, employees and volunteers, and regulates what can be done with that information.
Like the Freedom of Information and Protection of Privacy Act(“FOIPPA”), which governs information held by public bodies, compliance with PIPA will be monitored through the Office of the Information and Privacy Commissioner in Victoria. The PIPA grants the Commissioner significant powers to initiate investigations and audits, hear complaints, conduct inquiries and issue orders requiring organizations to comply with provisions in the Act. Contraventions may result in fines or actions for damages for breach of the statute. Failure to comply with an order made by the Commissioner could result in fines of up to $100,000.