The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian law relating to data privacy, governing how organizations collect, use and disclose personal information.

PIPEDA gives Canadians the right to:

  • know why an organization collects, uses or discloses your personal information;
  • expect an organization to collect, use or disclose your personal information reasonably and appropriately, and not use the information for any purpose other than that to which you have consented;
  • know who in the organization is responsible for protecting your personal information;
  • expect an organization to protect your personal information by taking appropriate security measures;
  • expect the personal information an organization holds about you to be accurate, complete and up-to-date;
  • obtain access to your personal information and ask for corrections if necessary; and
  • complain about how an organization handles your personal information if you feel your privacy rights have not been respected.

You cannot do better than Bitwarden

In accordance with PIPEDA, I store my clients’ sensitive information one of the leading password manager applications. I use Bitwarden — why not start using it yourself for free, as an Individual User? It uses AES-CBC 256-bit encryption to protect users’ vault data. It uses PBKDF2 SHA-256 or Argon2 (which is my preference) to derive users’ encryption keys — learn more these protocols for yourself.

In line with PIPEDA’s intentions, I further protect access to my password vaults with robust passwords and multi-factor authentication.

Since Bitwarden operates on a Zero knowledge encryption model, they cannot access my clients’ information!

Feel free to look at our links, to find other resources. If you want to hire MrIT to help you to exercise your PIPEDA rights, email me.