Which act requires organizations to obtain consent when collecting and using personally identifiable information?


The correct choice is the Personal Information Protection and Electronic Documents Act (PIPEDA). This act is a significant piece of Canadian legislation that establishes requirements for how organizations handle personal information. Specifically, PIPEDA requires organizations to obtain consent from individuals before collecting, using, or disclosing personally identifiable information. This consent can be explicit or implied, but it must be informed, meaning that individuals should know what their information will be used for and how it will be handled.

PIPEDA is designed to protect the privacy of individuals and ensure that their personal data is not misused. Organizations must have policies and practices in place that demonstrate their commitment to the responsible management of personal information.

In contrast, the other options focus on different aspects of security or data management. The Payment Card Industry Data Security Standard pertains specifically to protecting credit card information, while the Economic Espionage Act of 1996 addresses theft of trade secrets and corporate espionage. The Cloud Security Alliance's Security Trust Assurance and Risk framework provides guidance on cloud security, but does not focus on the requirements for obtaining consent relating to personal information.
