Privacy and your business
The way you treat your clients' information matters. In Canada, most businesses have to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) which regulates how you may collect, use and disclose the personal information you gather as you do business. Some provinces, territories and industry sectors are subject to other regulations.
Understand your privacy obligations under PIPEDA
- Privacy Toolkit — A guide for businesses and organizations
Get detailed information on the rules for the management of personal information in the private sector.
- Privacy quiz for business
Take this mini-quiz to better understand the privacy regulations that affect your business.
- Determining the appropriate form of consent under PIPEDA
Find out how to get permission to collect, use or disclose someone's personal information depending on how sensitive it is and how it will be used.
- Your customer's driver's licence card: Do you need it?
If you ask your customers to present identification, you should know what information you can and cannot copy off a driver's licence.
- Guidelines for processing personal data across borders
If your data will be housed or processed outside of Canada, you need to ensure that you take reasonable measures to protect that information.
- Protecting employee records
If your business is in the North or if you conduct business within federally-regulated sectors, PIPEDA applies to your employee records.
Dealing with privacy breaches and complaints under PIPEDA
What happens if your business does not comply with PIPEDA or if you somehow fail to safeguard the information you collected? This information will help you understand what to do next.
- 10 tips for avoiding complaints to the Privacy Commissioner
Learn the steps you can take to respect privacy and avoid the weight of complaints and the negative attention an investigation could bring to your business.
- Information about privacy breaches and how to respond
Find out what a privacy breach is, how the Office of the Privacy Commissioner of Canada can help and the steps you should take when reporting a breach in privacy.
- Organizations' Guide to Complaint Investigations
Find out what happens if someone files a privacy complaint against your business.
Provincial and territorial privacy laws
In addition to PIPEDA, your business may have to comply with provincial and territorial privacy laws. This can include general privacy laws or privacy laws that deal with specific types of information (that is, health records) or specific industry sectors (for example, credit reporting agencies). In some cases, provincial legislation has been determined to be substantially similar to PIPEDA. If your provincial legislation is considered substantially similar to PIPEDA, you do not need to comply with PIPEDA and are only subject to your provincial laws.
- Substantially similar provincial legislation
Learn about provincial laws that are considered substantially similar to PIPEDA.
- Personal Information Protection Act
Learn about handling personal information in your business.
- Personal Information Protection Act (PIPA) — BC
Understand your requirements to protect your client data and use the security self-assessment tool to diagnose your business.
- Protection of personal information: your responsibilities in French only
Learn about your obligations when you collect, hold, use or share personal information on behalf of your business.
Stay up to date on privacy issues
If your business deals with a lot of personal information, you should make sure that you stay up to date on developments and best practices related to privacy and personal information protection. In addition to staying in touch with your lawyer on these issues, visit the Office of Privacy Commissioner's website and follow the Twitter account @privacyprivee to keep up to date on issues related to privacy and personal information protection.
- Date modified: