In this digital world where personal information can be collected, used and shared with ease, Canadians are becoming increasingly concerned about their privacy. And more and more, they are choosing to do business with organizations that are sensitive to those concerns and that can demonstrate they will handle personal information with the appropriate level of care.
The Personal Information Protection and Electronic Documents Act (PIPEDA) sets out the ground rules for how businesses subject to the law must handle personal information in the course of commercial activities.
The Office of the Privacy Commissioner of Canada (OPC) oversees compliance with PIPEDA, which includes investigating privacy complaints, and helping businesses improve their personal information handling practices.
Explore the links on this page to learn about a variety of privacy issues that could impact your business and to find information to help your business comply with PIPEDA.
Find information about Canada’s federal private-sector privacy law.
Access guidance and tips created to help businesses handle personal information in accordance with PIPEDA.
Learn more about privacy breaches and how organizations should respond if they experience a breach.
Access information, tools and guidance for businesses on how to fulfil their responsibilities to ensure personal information is safeguarded.
Find information for individuals and organizations about privacy policies.
Learn about the privacy issues associated with surveillance and monitoring, and find guidance for organizations related to certain surveillance activities.
Find information about privacy issues that may arise in the workplace, as well as advice for employees and employers about respecting and protecting privacy.
Find information related to outsourcing in accordance with PIPEDA.
Access guidance for organizations and information for individuals about privacy issues related to cross-border transfers of personal information.
Learn about privacy issues related to cloud computing and find guidance for businesses considering the use of cloud computing services.
Find guidance for businesses related to mobile device use in the workplace, as well as about privacy and mobile app development.
Learn more about privacy issues related to health and genetic information, as well as other information about the body.
Frequently asked questions
This list highlights advice and information related to privacy issues that businesses frequently ask about when they contact us.
What do I need to do to comply with PIPEDA?
PIPEDA sets out 10 Fair Information Principles businesses must follow. Take a look at our Privacy Toolkit for Businesses for more details and useful tips on how to comply.
What are some common privacy complaints individuals have about businesses?
We hear from individuals on a wide range of privacy issues; our Ten tips for avoiding complaints to the OPC address some of the more common issues.
What happens when a person files a complaint against my business?
When we receive a complaint, we review it and assign an investigator to gather the necessary facts. For more information on the process, see our Organizations' Guide to Complaint Investigations under the Personal Information Protection and Electronic Documents Act.
Can I use video surveillance in my store while respecting the privacy of my customers and staff?
To start, consider whether a less privacy-invasive alternative might meet your business need and if you do install video surveillance, clearly inform customers and staff. Review our Guidelines for Overt Video Surveillance in the Private Sector for guidance.
Can I ask my customers for their driver’s licenses or social insurance numbers?
Identity information like this is very sensitive and should only be collected if absolutely necessary. See guidance for businesses on the collection of driver’s licence numbers and use of social insurance numbers for details.
How can I learn more about how the OPC interprets and applies PIPEDA?
We publish summaries and reports from our investigations into businesses. These offer concrete examples of how the OPC enforces PIPEDA.
- Date modified: