Language selection


PIPEDA and Your Business: What you need to know about protecting your customers’ privacy

April 2018


View transcript


The most important part of my business is establishing customer trust.

My success depends on how secure my customers feel.

My customers need to know they can trust me with their personal information

The Office of the Privacy Commissioner of Canada is responsible for protecting and promoting people's privacy rights.

The Commissioner makes sure that businesses comply with PIPEDA, the federal private-sector privacy law.

PIPEDA establishes the rules for how businesses handle personal information.

Does PIPEDA apply to my business?

PIPEDA applies to most businesses across Canada except in Quebec, BC and Alberta where they have their own private sector laws. But even in those provinces, PIPEDA covers federally regulated industries, like transportation, telecommunications and banking.

What do you mean by personal information?

Personal information is more than just a name or address; it can be a person's age, ethnicity, medical information, credit card number or even income level.

How can PIPEDA help me?

PIPEDA is good for your business because it gives you the information you need to protect your customers’ personal information.

If people know your business will respect their privacy, they'll bring you their business. It's a win-win situation.

I respect our customers’ privacy, what can I do to ensure I’m covering all the bases?

Check out our PIPEDA guide for businesses and organizations, it explains your responsibilities under the Act.

You can find the guide on our website along with lots of other resources about good privacy practices, e-learning tools, fact sheets, guidance documents and videos.

Sounds a bit complicated, do most business owners have trouble complying?

It's actually pretty straightforward. PIPEDA clearly outlines ten principles for protecting personal information.

What exactly does accountability mean for my business?

Accountability means that you need to make sure someone in your organization is responsible for protecting the personal information you collect and that you give that person the tools and support to do it right.

Be sure to clearly explain why you're collecting personal information.

What's involved in getting customer consent?

Do your best to make sure your customers understand how their personal information will be used and get them to agree to it.

Don't collect more personal information than you need.

Can I use personal information for any reason that could benefit my customers?

Only use personal information for the reasons you explain to your customer, don't keep it any longer than you need it and be sure to dispose of it securely.

Make sure that personal information is as accurate, complete and up to date as possible.

Protect all personal information and do whatever it takes to keep it from falling into the wrong hands.

How can I show my customers that we take this issue seriously?

Tell them about your privacy practices and policies, put up signs, post information on your website, write it in a newsletter.

What if my customers ask me about their personal information?

They have a right to see it so be ready. Develop a simple procedure for responding to requests and get back to them as quickly as possible.

Let your customers know what they can do if they have concerns or further  questions about how you handle their personal information.

Visit our website to learn more about privacy rights and practices that can work for you and your customers.

At the Office of the Privacy Commissioner of Canada, we protect and promote privacy rights because good privacy makes good business sense.


Questions? Comments? Contact our Office at 1 (800) 282-1376.

If you encounter technical difficulties when viewing the video, please contact our webmaster.

Date modified: