The Personal Information Protection and Electronic Documents Act is a Federal Act that came into force January 1, 2004. It requires any business or group (non-profit or otherwise) that performs “commercial transactions” (buying, or selling) to take responsibility for the personal information they collect.
Personal information is defined as anything other than the sort of information that appears on a business card or in a phone book. This would include credit card information, dates of appointments, buying preferences, records of past purchases, health information, and any other information that can be connected with a person.
In addition, the PIPED Act gives people more clearly defined rights to control their personal information.