Today's San Francisco Chronicle has a column by David Lazarus about the difficulties in not only understanding some companies' privacy policies, but also knowing which applies as financial companies merge, sell accounts and outsource:
Looking-glass world of privacy policies:
Lazarus quotes a particularly sketchy policy, which essentially means the company will do everything it can legally do with your info. In the US, that's a lot of stuff:
"We do not disclose any nonpublic, personal information about our introduced customers or introduced former customers to anyone except as permitted by law."
That just wouldn't fly under PIPEDA.