One of your privacy rights under PIPEDA is to request access to a copy of your personal information from organizations subject to PIPEDA.
In fact, one of the 10 privacy principles of PIPEDA was crafted entirely to provide individuals with access to their personal information.
When requesting information under PIPEDA you must do so in writing. Be sure to include enough information so that the organization may identify you and your records. This may include your full name, address, account or order numbers, and the approximate date that you provided the organization with personal information.
You should address your letter to the organization’s privacy officer. However, because many organizations are small and may not have someone specifically employed as a privacy officer, you can address the letter to the organization’s secretary, customer service, compliance, or legal department.
Here is an example:
Under section 4.9 of Schedule 1 of Canada’s federal privacy legislation — The Personal Information Protection and Electronic Documents Act — I am requesting a copy of all records which contain my personal information from your organization.
You are obligated to provide copies at a free or minimal cost within thirty (30) days in receipt of this letter. If you choose to deny this request, you must provide a valid reason for doing so under Canada’s PIPEDA. Ignoring a written request is the same as refusing access.
If your organization fails to provide a reason within thirty (30) days, I may file a complaint with the Office of the Privacy Commissioner of Canada.
Please let me know if you require additional information from me before you proceed.
If you do not normally handle these types of requests, please forward this letter to the person in your organization responsible for privacy compliance.
Here is information that may help you identify my records:
How Do I Know of PIPEDA Applies?
PIPEDA will apply to the commercial transactions of organizations operating in Canada’s private sector (read more about Canadian privacy legislation).
More specifically, PIPEDA applies to organizations that are federally regulated and fall under the legislative authority of the Parliament of Canada, such as the telecommunications and broadcasting industry, and all local businesses in Yukon, Nunavut, and the Northwest Territories.
In addition, PIPEDA applies to the private sector of each province unless a province has enacted its own privacy legislation that is substantially similar to PIPEDA, such as British Columbia, Alberta, and Quebec.
Credit unions in Canada are subject to PIPEDA. This is why you can request a free copy of your credit report.
Learn more about Canadian privacy legislation, your privacy rights under PIPEDA, or the individual access principle.
Be First to Comment