Which of the following is a requirement under PIPEDA?

The requirement to set personal information policies is a fundamental aspect of the Personal Information Protection and Electronic Documents Act (PIPEDA). Under PIPEDA, organizations are required to develop and implement privacy policies and practices that govern how they handle personal information. This includes clearly defining how personal data will be collected, used, disclosed, and safeguarded.

Establishing these policies not only ensures compliance with legal obligations but also fosters transparency and accountability. It helps organizations communicate their practices to customers and employees, thus building trust. The policies should reflect the principles outlined in PIPEDA, such as obtaining meaningful consent for the collection and use of personal information, limiting the use of that information to the purposes for which it was collected, and providing individuals with access to their own data.

In contrast, collecting data without consent goes against the core principles of PIPEDA, which emphasizes the importance of consent in handling personal information. Providing free access to all personal data is not a specific requirement of PIPEDA, as there are guidelines on access but also conditions and limitations. Monitoring public behavior online does not align with the intent of PIPEDA regarding the protection and ethical handling of personal information.