Language selection


Community news article

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

January 28, 2015

The following is an article on privacy and small businesses by the Office of the Privacy Commissioner of Canada that was prepared for Data Privacy Day. It was shared with community newspapers across Canada, except in provinces with substantially similar private sector privacy laws.

Strong privacy practices are good for business, says federal Privacy Commissioner

Businesses that don’t have strong privacy controls risk losing their competitive advantage in today’s increasingly privacy conscious marketplace, Privacy Commissioner of Canada Daniel Therrien warns as countries around the world mark Data Privacy Day, January 28th.

But it’s a message that isn’t just for major companies. It’s for the thousands of smaller businesses operating across Canada in tiny towns and bustling metropolises from coast, to coast, to coast. In fact, 98 per cent of companies in Canada employ fewer than 100 people.

“I understand that smaller businesses face many compliance pressures on top of day-to-day operational demands, but strong privacy practices are not just good for customers; they’re good for the bottom line,” says Commissioner Therrien.

“Canadians are telling us that they prefer to do business with companies that have good privacy practices.”

About a third of all private sector privacy complaints under Canada’s federal private sector privacy law, the Personal Information Protection and Electronic Documents Act, appear to involve smaller businesses.

Landlords, hotels, real estate agencies, collection agencies, travel agencies, independent local retailers and financial planners are among the types of businesses in the community that are at the centre of these complaints.

Commissioner Therrien says businesses often don’t realize that what they’re doing could create unnecessary risks for privacy.

Many grievances about smaller businesses involve things such as the improper use or sharing of a person’s information. This can be as simple as a misdirected letter, he says, and as serious as an employee snooping into a client’s personal file.

“Smaller businesses need to ask themselves what proactive measures they are taking to safeguard the privacy of their customers and to mitigate data breaches,” says Commissioner Therrien.

“As we mark Data Privacy Day, I would encourage all businesses to use this opportunity to take stock of, and strengthen where necessary, their privacy practices. My office is here to help”

Key steps to get on the right privacy track include:

  • Limit the amount of customer information you collect to what is necessary for the purposes of delivering a product or service.
  • Make it clear to customers in an easy-to-understand privacy policy why you need and how you’ll handle their personal information.
  • Know exactly what you collect, how it’s stored, who has access to it, how long it’s kept and when and how it’s discarded.
  • Train staff on the importance of privacy protection.
  • Don’t collect sensitive information, such as health or financial data, if you don’t have to.
  • Respond to customer requests for access to their personal information and designate a point person to respond to customer questions about privacy.

For more tools on privacy protection, visit

Date modified: