Skip to main content

Privacy laws in Canada: How do the rules affect your business?

In today’s digital era, the way you treat your clients' information matters. People are conscious and increasingly concerned of how their personal information is collected, used, and shared. 

The Personal Information Protection and Electronic Documents Act (PIPEDA) is the federal privacy law, regulating how to handle personal information you gather in your commercial activities.

Does privacy legislation apply to me?

PIPEDA applies to all federally-regulated businesses in Canada, with the exception of British Columbia, Alberta and Quebec, who have their own privacy laws. However, even if your business is located in one of these provinces PIPEDA may apply if any personal information crosses jurisdiction. For businesses requesting Personal Health Information, most provinces and territories have established a privacy act on how the information is to be collected and handled — so be sure to review your provincial or territorial legislation.

What is “personal information"?
Personal information includes age, medical records, income, ethnic background, employee files, credit card numbers and so forth. Generally, any information not available on a business card is protected. 

For a full list of what is covered by the legislation, see the Privacy Commissioner’s website

How do I create a privacy policy?
Start with the Office of the Privacy Commissioner of Canada. Their website includes:

How can I comply with the Act?
Privacy legislation is complex, but here are six things you should do to better protect your clients’ and employees’ data and avoid a complaint. 

Looking for an example?

Here’s one privacy policy you can examine: CFIB’s. A policy like this is a staple of any business’ website. 

More questions? Call us! If you still have questions about PIPEDA and what it means for your business, you can call the Office of the Privacy Commissioner at 1-800-282-1376. 

Or, call your CFIB Counsellor! 

January 2, 2019

Related Documents