Privacy and your business
The way you treat your clients' information matters. In Canada, most businesses have to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), which regulates how you may collect, use and disclose the personal information you gather as you do business. Some provinces, territories and industry sectors are subject to other regulations.
Understand your privacy obligations under PIPEDA
- Privacy Guide for Small Businesses: The Basics
Read this short guide to understand the basics about handling personal information in a small business.
- A guide for businesses and organizations — Your privacy responsibilities
Get detailed information on the rules for the management of personal information in the private sector.
- How to ensure your business complies with PIPEDA
Complete a privacy questionnaire or read a fact sheet to understand the regulations that affect your business.
- Determining the appropriate form of consent
Find out how to get permission to collect, use or disclose someone's personal information. The way you seek consent depends on how sensitive the information is and how you plan to use it.
- "Can I see some ID?"
If you will be asking for identification, you should be up to date on what you can and cannot copy off a driver's licence.
- Guidelines for processing personal data across borders
If your data will be housed or processed outside of Canada, you need to ensure that you take reasonable measures to protect that information.
- Protecting employee records
Businesses located in Yukon, Nunavut and the Northwest Territories, as well as businesses in federally-regulated sectors, must take steps to protect employee records.
- Best Practices for Dealing with Pre-PIPEDA Personal Information (Grandfathering)
PIPEDA protects all personal information, including information collected before it came into force. Find out how to treat personal information that you collected before the law came into force.
Dealing with privacy breaches and complaints under PIPEDA
What happens if your business does not comply with PIPEDA or if you somehow fail to safeguard the information you collected? This information will help you understand what to do next.
- Information about privacy breaches and how to respond
Find out what a privacy breach is, how the Office of the Privacy Commissioner of Canada can help and what steps you should take.
- Organizations' Guide to Complaint Investigations
Find out what happens if someone files a privacy complaint against your business.
Provincial and territorial privacy laws
In addition to PIPEDA, your business may have to comply with provincial and territorial privacy laws. This can include general privacy laws or privacy laws that deal with specific types of information (that is, health records) or specific industry sectors (for example, credit reporting agencies). In some cases, provincial legislation has been determined to be substantially similar to PIPEDA. If your provincial legislation is considered substantially similar to PIPEDA, you do not need to comply with PIPEDA and are only subject to your provincial laws.
- Substantially similar legislation
Learn about provincial laws that are considered substantially similar to PIPEDA.
Stay up to date on privacy issues
If your business deals with a lot of personal information, you should make sure that you stay up to date on developments and best practices related to privacy and personal information protection. In addition to staying in touch with your lawyer on these issues, you can follow the Privacy Commissioner's blog.
- Office of the Privacy Commissioner of Canada Blog
The Privacy Commissioner's blog is updated regularly; you will find the most up-to-date developments and issues related to privacy and personal information protection.