Language selection

Search

For businesses

In this digital world where personal information can be collected, used and shared with ease, Canadians are becoming increasingly concerned about their privacy. And more and more, they are choosing to do business with organizations that are sensitive to those concerns and that can demonstrate they will handle personal information with the appropriate level of care.

The Personal Information Protection and Electronic Documents Act (PIPEDA) sets out the ground rules for how businesses subject to the law must handle personal information in the course of commercial activities.

The Office of the Privacy Commissioner of Canada (OPC) oversees compliance with PIPEDA, which includes investigating privacy complaints, and helping businesses improve their personal information handling practices.

Explore the links on this page to learn about a variety of privacy issues that could impact your business and to find information to help your business comply with PIPEDA.

Personal Information Protection and Electronic Documents Act (PIPEDA)

Principles, legislation, processes, guidance, investigations

Breaches and safeguards

Safeguarding information, outsourcing, cloud computing, data breaches

PIPEDA compliance help

Guidance for businesses, specific issues, interpretation bulletins

Collecting personal information and consent

Best practices, meaningful consent

Artificial intelligence

Guidance, privacy protection and AI technologies

Design with privacy in mind

Key takeaways to help businesses avoid deceptive design

Employers and employees

Employers, human resources (HR), work devices, online services

Outsourcing

PIPEDA provisions, data protection, foreign partners, related investigations

Transferring data across borders

Data transfer, data protection

Cloud computing

Introduction, FAQs, tips, online file storage, webmail, social networking

Mobile apps

Privacy practices for developers

Advertising and marketing

Targeted advertising, e-marketing, spam

Health, genetic and other body information

Genetic testing, biometrics, health privacy, health emergencies

Video surveillance by businesses

Overt, covert, street images

See all topics

Frequently asked questions

This list highlights advice and information related to privacy issues that businesses frequently ask about when they contact us.

What do I need to do to comply with PIPEDA?

PIPEDA sets out 10 Fair Information Principles businesses must follow. Take a look at our Privacy Guide for Businesses for more details and useful tips on how to comply.

What are some common privacy complaints individuals have about businesses?

We hear from individuals on a wide range of privacy issues; our Ten tips for avoiding complaints to the OPC address some of the more common issues.

What happens when a person files a complaint against my business?

When we receive a complaint, we review it and assign an investigator to gather the necessary facts. For more information on the process, see our Organizations' Guide to Complaint Investigations under the Personal Information Protection and Electronic Documents Act.

Can I use video surveillance in my store while respecting the privacy of my customers and staff?

To start, consider whether a less privacy-invasive alternative might meet your business need and if you do install video surveillance, clearly inform customers and staff. Review our Guidelines for Overt Video Surveillance in the Private Sector for guidance.

Can I ask my customers for their driver’s licenses or social insurance numbers?

Identity information like this is very sensitive and should only be collected if absolutely necessary. See guidance for businesses on the collection of driver’s licence numbers and use of social insurance numbers for details.

How can I learn more about how the OPC interprets and applies PIPEDA?

We publish summaries and reports from our investigations into businesses. These offer concrete examples of how the OPC enforces PIPEDA.

Date modified: