For businesses

In this digital world where personal information can be collected, used and shared with ease, Canadians are becoming increasingly concerned about their privacy. And more and more, they are choosing to do business with organizations that are sensitive to those concerns and that can demonstrate they will handle personal information with the appropriate level of care.

The Personal Information Protection and Electronic Documents Act (PIPEDA) sets out the ground rules for how businesses subject to the law must handle personal information in the course of commercial activities.

The Office of the Privacy Commissioner of Canada (OPC) oversees compliance with PIPEDA, which includes investigating privacy complaints, and helping businesses improve their personal information handling practices.

Explore the links on this page to learn about a variety of privacy issues that could impact your business and to find information to help your business comply with PIPEDA.

Personal Information Protection and Electronic Documents Act (PIPEDA)

Find information about Canada’s federal private-sector privacy law.

PIPEDA compliance help

Access guidance and tips created to help businesses handle personal information in accordance with PIPEDA.

Privacy breaches

Learn more about privacy breaches and how organizations should respond if they experience a breach.

Safeguarding personal information

Access information, tools and guidance for businesses on how to fulfil their responsibilities to ensure personal information is safeguarded.

Collecting personal information

Find information about requirements and best practices for collecting personal information in accordance with PIPEDA, including information about consent, and identification and authentication.

Privacy policies

Find information for individuals and organizations about privacy policies.

Surveillance and monitoring

Learn about the privacy issues associated with surveillance and monitoring, and find guidance for organizations related to certain surveillance activities.

Privacy at work

Find information about privacy issues that may arise in the workplace, as well as advice for employees and employers about respecting and protecting privacy.

Privacy and outsourcing for businesses

Find information related to outsourcing in accordance with PIPEDA.

Personal information transferred across borders

Access guidance for organizations and information for individuals about privacy issues related to cross-border transfers of personal information.

Cloud computing

Learn about privacy issues related to cloud computing and find guidance for businesses considering the use of cloud computing services.

Mobile devices and apps

Find guidance for businesses related to mobile device use in the workplace, as well as about privacy and mobile app development.

Advertising and marketing

Find information about behavioural/targeted advertising, cookies and spam.

Health, genetic and other body information

Learn more about privacy issues related to health and genetic information, as well as other information about the body.

See all topics

Frequently asked questions

This list highlights advice and information related to privacy issues that businesses frequently ask about when they contact us.

What do I need to do to comply with PIPEDA?

PIPEDA sets out 10 Fair Information Principles businesses must follow. Take a look at our Privacy Toolkit for Businesses for more details and useful tips on how to comply.

What are some common privacy complaints individuals have about businesses?

We hear from individuals on a wide range of privacy issues; our Ten tips for avoiding complaints to the OPC address some of the more common issues.

What happens when a person files a complaint against my business?

When we receive a complaint, we review it and assign an investigator to gather the necessary facts. For more information on the process, see our Organizations' Guide to Complaint Investigations under the Personal Information Protection and Electronic Documents Act.

Can I use video surveillance in my store while respecting the privacy of my customers and staff?

To start, consider whether a less privacy-invasive alternative might meet your business need and if you do install video surveillance, clearly inform customers and staff. Review our Guidelines for Overt Video Surveillance in the Private Sector for guidance.

Can I ask my customers for their driver’s licenses or social insurance numbers?

Identity information like this is very sensitive and should only be collected if absolutely necessary. See guidance for businesses on the collection of driver’s licence numbers and use of social insurance numbers for details.

How can I learn more about how the OPC interprets and applies PIPEDA?

We publish summaries and reports from our investigations into businesses. These offer concrete examples of how the OPC enforces PIPEDA.

Report a problem or mistake on this page
Please select all that apply (required): Error 1: This field is required.

Note

Date modified: