For businesses
In this digital world where personal information can be collected, used and shared with ease, Canadians are becoming increasingly concerned about their privacy. And more and more, they are choosing to do business with organizations that are sensitive to those concerns and that can demonstrate they will handle personal information with the appropriate level of care.
The Personal Information Protection and Electronic Documents Act (PIPEDA) sets out the ground rules for how businesses subject to the law must handle personal information in the course of commercial activities.
The Office of the Privacy Commissioner of Canada (OPC) oversees compliance with PIPEDA, which includes investigating privacy complaints, and helping businesses improve their personal information handling practices.
Explore the links on this page to learn about a variety of privacy issues that could impact your business and to find information to help your business comply with PIPEDA.
Personal Information Protection and Electronic Documents Act (PIPEDA)
Principles, legislation, processes, guidance, investigations
Guidance for businesses, specific issues, interpretation bulletins
Safeguarding information, outsourcing, cloud computing, data breaches
Collecting personal information and consent
Best practices, meaningful consent
Guidance, privacy protection and AI technologies
Key takeaways to help businesses avoid deceptive design
Employers, human resources (HR), work devices, online services
PIPEDA provisions, data protection, foreign partners, related investigations
Transferring data across borders
Data transfer, data protection
Introduction, FAQs, tips, online file storage, webmail, social networking
Privacy practices for developers
Targeted advertising, e-marketing, spam
Health, genetic and other body information
Genetic testing, biometrics, health privacy, health emergencies
Video surveillance by businesses
Overt, covert, street images
Frequently asked questions
This list highlights advice and information related to privacy issues that businesses frequently ask about when they contact us.
What do I need to do to comply with PIPEDA?
PIPEDA sets out 10 Fair Information Principles businesses must follow. Take a look at our Privacy Guide for Businesses for more details and useful tips on how to comply.
What are some common privacy complaints individuals have about businesses?
We hear from individuals on a wide range of privacy issues; our Ten tips for avoiding complaints to the OPC address some of the more common issues.
What happens when a person files a complaint against my business?
When we receive a complaint, we review it and assign an investigator to gather the necessary facts. For more information on the process, see our Organizations' Guide to Complaint Investigations under the Personal Information Protection and Electronic Documents Act.
Can I use video surveillance in my store while respecting the privacy of my customers and staff?
To start, consider whether a less privacy-invasive alternative might meet your business need and if you do install video surveillance, clearly inform customers and staff. Review our Guidelines for Overt Video Surveillance in the Private Sector for guidance.
Can I ask my customers for their driver’s licenses or social insurance numbers?
Identity information like this is very sensitive and should only be collected if absolutely necessary. See guidance for businesses on the collection of driver’s licence numbers and use of social insurance numbers for details.
How can I learn more about how the OPC interprets and applies PIPEDA?
We publish summaries and reports from our investigations into businesses. These offer concrete examples of how the OPC enforces PIPEDA.
- Date modified: