Canada: PIPEDA and Electronic Transactions Act
Is Portant compliant: Yes.
Portant's eSignatures meet the requirements of Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and the federal and provincial Electronic Transactions Acts (ETAs). Together these laws make electronic signatures legally recognised, enforceable, and secure across Canada.
Overview of PIPEDA and the Electronic Transactions Acts
PIPEDA and the ETAs set the standards for electronic signatures, electronic records, and the protection of personal data.
PIPEDA (Personal Information Protection and Electronic Documents Act)
- Location: Nationwide. Covers private-sector organisations that collect, use, or disclose personal information in commercial activities.
- Key point: Confirms that electronic signatures are valid and that personal data tied to electronic transactions must be handled securely.
Electronic Transactions Acts (ETAs)
- Location: Varies by province and federal jurisdiction. Each province has adapted its own version.
- Key point: Establishes electronic signatures and records as legally equivalent to paper records.
When and where these laws apply
- Type of transactions: Most commercial transactions that traditionally need a written agreement, including contracts, financial transactions, and other business documents.
- Jurisdictions: PIPEDA applies federally. ETAs cover both federal and provincial jurisdictions. Provinces like Ontario, British Columbia, and Alberta have their own privacy laws that operate alongside PIPEDA.
- Consent: All parties must consent to conducting the transaction electronically and to using electronic signatures.
Compliance requirements and how Portant meets them
| Compliance requirement | Description | Portant's compliance features |
|---|---|---|
| User consent | Parties must agree to electronic transactions and signatures. | Portant prompts users to confirm consent before signing. |
| Document integrity | Documents must remain secure and unaltered after signing. | Signed documents are locked and cannot be edited. |
| Audit trails | Records of the signing process serve as proof of validity. | Portant keeps logs of each action in the signing process. |
| Time stamping | Verifiable timestamps are required for legal authenticity. | Every signed document is timestamped. |
| Data protection | Personal data must be protected and handled lawfully under PIPEDA. | Portant uses encryption and secure storage. |
| Role-based access control | Access must be limited to authorised individuals only. | Document access and management are restricted to designated users. |
Practical considerations
- Get clear consent. Canadian law requires all parties to agree to use electronic means. Portant's consent prompts help confirm each user's agreement.
- Keep documents tamper-proof. Portant locks signed documents so they cannot be altered, preserving authenticity.
- Maintain accurate audit trails. See Audit trail for how to enable a full signing audit on a workflow.
- Check provincial variations. Each province has slightly different requirements under its own Electronic Transactions Act. If your transactions fall under stricter provincial laws, check those first.
- Watch for exceptions. Some documents (wills, powers of attorney, some family law documents) may still need a handwritten signature. Verify whether your document type is in scope.
Conclusion
Portant's eSignatures comply with PIPEDA and Canada's provincial Electronic Transactions Acts. With consent, document security, audit trails, and data protection built in, signatures created through Portant are legally valid, secure, and enforceable across Canada.
If you have questions about compliance, get in touch.