Читать книгу (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide - Mike Chapple - Страница 232

Canadian law affects the processing of personal information related to Canadian residents. Chief among these, the Personal Information Protection and Electronic Documents Act (PIPEDA) is a national-level law that restricts how commercial businesses may collect, use, and disclose personal information.

Generally speaking, PIPEDA covers information about an individual that is identifiable to that individual. The Canadian government provides the following examples of information covered by PIPEDA:

 Race, national, or ethnic origin

 Religion

 Age

 Marital status

 Medical, education, or employment history

 Financial information

 DNA

 Identifying numbers

 Employee performance records

The law excludes information that does not fit the definition of personal information, including the following examples provided by the Information Commissioner of Canada:

 Information that is not about an individual, because the connection with a person is too weak or far-removed

 Information about an organization such as a business

 Information that has been rendered anonymous, as long as it is not possible to link that data back to an identifiable person

 Certain information about public servants such as their name, position, and title

 A person's business contact information that an organization collects, uses, or discloses for the sole purpose of communicating with that person in relation to their employment, business, or profession

PIPEDA may also be superseded by province-specific laws that are deemed substantially similar to PIPEDA. These laws currently exist in Alberta, British Columbia, and Quebec. PIPEDA generally does not apply to nonprofit organizations, municipalities, universities, schools, and hospitals.