

Comply with Canadian Data Privacy Guidelines for the Private Sector

• Assessment Report

• Policies & Procedures

• Remediation Tracking

• Action Plan Reminders

• Form Templates

• Vulnerability Scan

• Pen Testing

Demonstrate your Compliance with PIPEDA

The Personal Information Protection and Electronic Documents Act (PIPEDA) is a privacy law in Canada that governs how private sector organizations handle personal information during commercial activities. PIPEDA sets out rules and principles for collecting, disclosing, and using personal information and provides individuals with certain rights and protections related to their personal data.

The primary purpose of PIPEDA is to strike a balance between an individual’s right to privacy and an organization’s need to collect, use, or disclose personal information for legitimate business purposes. The law aims to ensure that personal information is handled in a fair, transparent, and secure manner.

Fundamental principles of PIPEDA include:

  1. Obtaining consent for the collection, disclosure, and use of personal information
  2. Limiting the collection of personal information to only what is necessary for the purpose 
  3. Ensuring data accuracy
  4. Using appropriate safeguards to protect personal information
  5. Providing individuals access to their own information and the ability to challenge its accuracy

The Office of the Privacy Commissioner of Canada (OPC) monitors and enforces PIPEDA. The OPC is an independent agency that investigates complaints related to privacy breaches and non-compliance with the law. It also provides guidance to organizations and individuals regarding privacy rights and obligations.

PIPEDA applies to private sector organizations that collect, disclose, or use personal information during the course of commercial activities across Canada, except for provinces that have their own substantially similar privacy legislation (e.g., Alberta, British Columbia, and Quebec). This means that most businesses operating in Canada, including corporations, non-profits, and some individual entrepreneurs, have to comply with PIPEDA. However, certain organizations and activities are exempt from PIPEDA, such as those involving federal government agencies, the collection of personal information for personal purposes, and activities within provinces with substantially similar privacy laws.

Connect with our Certified Data Privacy Experts to assess your controls and prove your compliance with PIPEDA. Our engagement options are ideal for organizations of all sizes with and without an experienced in-house IT team. Connect with an expert or schedule a consultation to explore the option that is best for your organization. 


Trusted by Reputed Companies

pVerify, Inc.
Electronic Data Solutions
Bernard Robinson & Company
Avance Care
Mr.Internet Systems
Vision Radiology
Tangible Solutions
Med First Primary and Urgent Care
Arizona State Radiology
Dose Spot
Forsyte I.T. Solutions
Tego Data

Accreditations and Associations

* Disclaimer: This list of accreditations is held by our team of employees and consultants.

What Our Clients Say

We used databrackets (formerly EHR 2.0) in our small medical practice for our risk analysis assessment to be in compliance with meaningful use. Their response was fast, the final report is detailed but simple and easy to follow. They were always available to answer our questions.
E. Compres
Pulmonary and Sleep Center of the Valley

I never miss the opportunity to learn something new … that’s why I am always registering to all free seminars offered on the web. databrackets (formerly EHR 2.0) happened to be the friendliest, comprehensive and up-to-date source of HIPAA Privacy and Security updates.
Alexandra V.
Community Healthcare Network

Today’s presentation was great! Thank you for sending the slides. My only feedback is that it would be fabulous to have the slides ahead of time so I could print them and take notes on the slides. Thanks for your time and knowledge today!
T.B., PM
Community Health Network

Particularly interesting was the flow chart on Administrative Simplification. I utilize all of the Security subcategories you list under the Security tile and appreciate knowing that I am hitting all of the relevant topics during my employee training.
Jessica B.

I have re-worked our original risk assessment… We are using databrackets' (formerly EHR 2.0) Meaningful Use Security Risk Analysis Toolkit and it meets our needs. It was easy to use and I believe that it was very beneficial to our meeting meaningful use.
Bill Curtis
Neurosurgical Associates Of Texarkana, TX

Information (webinars) presented by databrackets (formerly EHR 2.0) highlights some of today’s most demanding healthcare topics. The webinars help to direct those operating in today’s rapidly changing environment in the right direction.
Candace M.
Privacy and Security Officer, Springhill Medical Center
