PIPEDA, short for the Personal Information Protection and Electronic Documents Act, is Canada's federal privacy law for the private sector. It governs how businesses collect, use, and share personal information about people, and a website that takes contact-form submissions, runs analytics, or stores customer accounts is collecting personal information whether the owner thinks of it that way or not. In plain terms, PIPEDA expects you to be clear about what you collect and why, to use it only for the reasons you gave, and to keep it reasonably secure. For most small Canadian businesses this is lighter than it sounds: a clear privacy policy and sensible data handling cover the bulk of it. But it is a real legal framework rather than a suggestion, and it is the reason a Canadian site needs a genuine privacy policy instead of a paragraph copied from someone else's site. If a client collects personal data from Canadians, PIPEDA is the baseline their website is expected to respect. (Quebec's Law 25 adds further requirements for businesses operating there.)