On Jan. 1, 2004, the federal privacy law that used to apply only to banks, airlines and broadcasters was expanded to all businesses, large and small, across Canada.

The law (called the Personal Information Protection and Electronic Document Act, or PIPEDA) is meant to protect the private information that consumers give to companies in the course of doing business.

But the law also means that your local video store will have to be just as worried about complying with the law — issuing consent forms and protecting customers' data — as airlines and banks are.

Some privacy lawyers said applying PIPEDA, intended for large companies under federal regulations, to small mom-and-pop businesses doesn't make sense because bigger companies already have bureaucracies in place that can handle this.

And some doctors worried that the law could prevent them from using online databases to collect and share information on a disease outbreak. They also complained that having patients fill out privacy questionnaires could slow down their treatment.

The federal law applies only to those provinces that don't have their own privacy policies in place. Quebec has had its own privacy laws on the books since 1994, and Alberta and B.C. have their own laws, as well.

• Companies need the consent of consumers to collect, use or disclosure their personal information.
• Companies have to tell consumers why they are collecting personal information and how that information will be used.
• Companies are only allowed to collect information that is needed for these purposes.
• This information is only allowed to be used for these specified purposes and can only be kept as long as needed for these purposes.
• Companies must ensure that this information is accurate and up-to-date.
• They must keep this information secure.
• Consumers can ask companies about their own information and can challenge the accuracy of that information. They can also ask about a company's policies concerning the management of personal information.
• Companies must designate a person or group of people who will be responsible for the company's compliance with these rules. Consumers can address complaints about the company's compliance to this person or group of people.