Jan 2026
Understanding your responsibilities under the Personal Information Protection Act (PIPA) is essential for ensuring compliance and protecting the privacy of individuals. To help reinforce key concepts, we’ve created a quick poll on LinkedIn featuring definitions related to PIPA.
Below are the correct answers along with clear explanations to help strengthen your understanding of PIPA.
1. Which of the following is an example of personal information under PIPA?
(A) A company’s annual financial report
(B) An employee’s name, date of birth, and email address
(C) General industry statistics
(D) A published news article about a company
Correct Answer: (B)
Rationale: Examples of personal information include names, dates of birth, photographs, video footage, email addresses, and telephone numbers. Company financial reports, industry statistics, and news articles about companies are not personal information as they do not relate to identifiable individuals.
2. What does “use” of personal information mean under PIPA?
(A) Only the act of sharing information with third parties
(B) Only the act of collecting information from individuals
(C) Carrying out any operation on personal information, including collecting, storing, disclosing, and destroying it
(D) Only storing information in a database
Correct Answer: (C)
Rationale: “Use” is a defined term in PIPA that means carrying out any operation on personal information, including collecting, obtaining, recording, holding, storing, organising, adapting, altering, retrieving, transferring, consulting, disclosing, disseminating or otherwise making available, combining, blocking, erasing or destroying it.
3. What is a “privacy notice” under PIPA?
(A) A warning that surveillance cameras are in operation
(B) A clear and easily accessible statement about an organisation’s practices and policies regarding personal information
(C) A legal document that must be filed with the government
(D) An internal memo to employees about privacy policies
Correct Answer: (B)
Rationale: Under Section 9(1), a privacy notice is a clear and easily accessible statement about an organisation’s practices and policies with respect to personal information. It must be provided to individuals and explain how their personal information is used.
4. How long can personal information be kept under PIPA?
(A) Indefinitely, regardless of need
(B) Only for as long as is necessary for the purpose for which it is used
(C) A maximum of 10 years
(D) Until the Privacy Commissioner requests its deletion
Correct Answer: (B)
Rationale: Section 12(2) requires that organisations ensure personal information for any use is not kept for longer than is necessary for that use. PIPA does not prescribe a fixed retention period; it depends on the purpose for which the information is held.
5. What constitutes a “breach of security” under PIPA?
(A) Any failure to meet sales targets
(B) A breach of security leading to the loss, unlawful destruction, or unauthorised disclosure of or access to personal information
(C) A disagreement between employees
(D) A failure to update the organisation’s website
Correct Answer: (B)
Rationale: Section 14 defines a breach of security as one leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information. This includes both accidental and deliberate breaches.
For specific legal advice on PIPA, please contact a member of the Conyers regulatory team.