PIPEDA
The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian law relating to data privacy, governing how organizations collect, use and disclose personal information.
PIPEDA gives Canadians the right to:
- know why an organization collects, uses or discloses your personal information
- expect an organization to collect, use or disclose your personal information reasonably and appropriately, and not use the information for any purpose other than that to which you have consented
- know who in the organization is responsible for protecting your personal information
- expect an organization to protect your personal information by taking appropriate security measures
- expect the personal information an organization holds about you to be accurate, complete and up-to-date
- obtain access to your personal information and ask for corrections if necessary
- complain about how an organization handles your personal information if you feel your privacy rights have not been respected
You cannot do better than Bitwarden
In accordance with PIPEDA, I store my clients’ sensitive information in one of the leading password manager applications. I use Bitwarden — why not start using it yourself for free, as an Individual User? It uses AES-CBC 256-bit encryption to protect users’ vault data, and PBKDF2 SHA-256 or Argon2 (my preference) to derive encryption keys.
In line with PIPEDA’s intentions, I further protect access to my password vaults with robust passwords and multi-factor authentication.
Since Bitwarden operates on a zero-knowledge encryption model, they cannot access my clients’ information.
For more information, visit the Office of the Privacy Commissioner of Canada.