Skip to main content

Learning about privacy legislation

Good privacy is good business. All Canadian businesses are required by law to create their own privacy policies that outline how they collect, use and disclose personal information about individuals. Individuals have the right to see what information has been collected from them. People are concerned how a firm will use their private information, so the existence of a comprehensive privacy policy that is easily understood by customers and employees will put them at ease. When firms fail to comply with privacy laws, lawsuits and punitive damages may occur. The following resources will help you create your firm’s privacy policy.

Does privacy legislation apply to me?.... YES!

The Personal Information Protection and Electronic Documents Act (PIPEDA) applies to all federally-regulated businesses in Canada, with the exception of British Columbia, Alberta and Quebec who have created their own provincial privacy laws.

What is personal information?

Personal information includes age, name, height, weight, medical records, identification numbers, income levels, blood type, ethnic origin, opinions, evaluations, comments, social status, employee files, credit or loan records, credit card numbers, email addresses and so forth. Generally any information not made available on a business card is protected. 

How can I be sure that I comply?

The tool, Privacy Toolkit for Businesses is a great place to start as well as our CFIB handout "Privacy Legislation: Compliance guides for your business."

As well, you can always contact our Business Counsellors at 1-888-234-2232 with further questions.