PIPEDA (Personal Information Protection and Electronic Documents Act)

What is PIPEDA (Personal Information Protection and Electronic Documents Act)?

PIPEDA is Canada’s federal privacy law governing the collection, use, and disclosure of personal information in commercial activities. Mobile applications and services operating in Canada must comply with the Act, which grants individuals certain rights over their personal data and requires organizations to protect it with appropriate security measures.

PIPEDA principles applying to mobile data

Principle 7 - Safeguards

Principle 7 (Safeguards) outlines the requirement for organizations to protect personal information with appropriate security measures against loss, theft, unauthorized access, disclosure, copying, use, or modification. Organizations developing mobile apps or handling personal data on mobile devices are obligated to implement reasonable safeguards to secure that information.

Mobile devices and applications compliant with PIPEDA

To comply with PIPEDA, organizations should protect all devices, applications and places where customer data is stored and accessed, including mobile devices.

For a mobile device fleet, this means enforcing threat detection and response using a Mobile Threat Defense solution, which protects smartphones and tablets from malware, phishing, and network exploits that cause personal data theft and leakage.

For mobile applications, this means ensuring all applications process data with appropriate safeguards, and remediating risky behaviors and vulnerabilities with Static Application Security Testing and Compliance Audit.