Organizations covered by Canada’s PIPEDA must generally obtain an individual's consent when they collect, use or disclose
that individual's personal information. People have the right to access their personal information held
by an organization. They also have the right to challenge its accuracy.
Personal information can only be used for the purposes for which it was collected. If an organization is going to use it for another purpose, they must obtain consent again. Personal information must be protected by appropriate safeguards.
