Privacy is a fundamental requirement of digital identity interactions. As such, all participants in the PCTF have a responsibility to follow privacy-respecting practices. Privacy-respecting practices rely on the principle that individuals know and understand the details and potential benefits, risk of harm and consequences associated with managing their personal information, and can take action based on that information.
The Conformance Criteria for the Privacy Component specify how the Principles in Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), defined in Schedule 1 of the legislation, are relevant/apply to the handling of digital identity data. PIPEDA applies to organizations handling personal information in the course of commercial activities. Note: These conformance criteria do not replace existing regulation; organizations are expected to comply with relevant privacy legislation, policy and regulations in their jurisdiction.