Privacy and your business
The way you treat your clients' information matters. In Canada, most businesses have to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), which regulates how you may collect, use and disclose the personal information you gather as you do business. Some provinces, territories and industry sectors are subject to other regulations.
Understand your privacy obligations under PIPEDA
- Protecting employee records
If your business is in the North or if you conduct business within federally-regulated sectors, PIPEDA applies to your employee records.
- Guidelines for processing personal data across borders
If you plan to transfer personal information to an organization in a foreign country for processing, you must take concrete steps to protect it.
- Your customer's driver's licence card: Do you need it?
If you ask your customers to present identification, you should know what information you can and cannot copy off a driver's licence.
- Determining the appropriate form of consent under PIPEDA
Find out how to get permission to collect, use or disclose someone's personal information depending on how sensitive it is and how it will be used.
- Privacy quiz for business
Take this mini-quiz to better understand the privacy regulations that affect your business.
- Privacy Toolkit — A guide for businesses and organizations
Get detailed information on the rules for the management of personal information in the private sector.
- The European Union's General Data Protection Regulation
If you handle the personal data of EU residents while exporting goods or services to them, these regulations may apply to you.
Dealing with privacy breaches and complaints under PIPEDA
What happens if your business does not comply with PIPEDA or if you somehow fail to safeguard the information you collected? This information will help you understand what to do next.
- Information about privacy breaches and how to respond to them
Find out what a privacy breach is, and learn the steps to take when a breach happens.
- 10 tips for avoiding complaints to the Privacy Commissioner
Learn the steps you can take to respect privacy, and avoid the weight of complaints and negative attention an investigation could bring to your business.
Provincial and territorial privacy laws
In addition to PIPEDA, your business may have to comply with provincial and territorial privacy laws. This can include general privacy laws or privacy laws that deal with specific types of information (that is, health records) or specific industry sectors (for example, credit reporting agencies). In some cases, provincial legislation has been determined to be substantially similar to PIPEDA. If your provincial legislation is considered substantially similar to PIPEDA, you do not need to comply with PIPEDA and are only subject to your provincial laws.
- Substantially similar provincial legislation
Learn about provincial laws that are considered substantially similar to PIPEDA.
- Personal Information Protection Act (Alberta)
Only applies to: Alberta
Learn about handling personal information in your business.
- Personal Information Protection Act (PIPA) — BC
Only applies to: British Columbia
Understand your requirements to protect your client data and use the security self-assessment tool to diagnose your business.
- Protection of personal information: your responsibilities
Only applies to: Quebec
Learn about your obligations when you collect, hold, use or share personal information on behalf of your business.
Stay up to date on privacy issues
If your business deals with a lot of personal information, you should make sure that you stay up to date on developments and best practices related to privacy and personal information protection. In addition to staying in touch with your lawyer on these issues, visit the Office of the Privacy Commissioner's website to keep up to date on issues related to privacy and personal information protection.