Data Privacy Week

Canada and many countries around the world celebrate Data Privacy Week the last week of January each year.

Data Privacy Day began on January 28, 2007, to mark the anniversary of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Data Privacy Day has since been expanded into a week-long initiative.

Data Privacy Week highlights the impact that technology is having on our privacy rights and underlines the importance of valuing and protecting personal information.

For the Office of the Privacy Commissioner of Canada (OPC), Data Privacy Week is an opportunity to highlight key issues, the role of our Office, and the resources that we have developed for individuals, businesses and federal institutions to foster awareness of privacy rights and obligations.

Data Privacy Week 2025

Data Privacy Week 2025 takes place from January 27 to 31. This year’s theme is “Put Privacy First.”

Considering privacy at the beginning of an initiative is a key to future-proofing programs, services, and systems. It can also help organizations to reduce the risk of issues arising at the eleventh hour or once a program has been launched.

Putting privacy first supports compliance with privacy law and ultimately helps organizations to build trust with Canadians.

For individuals, putting privacy first means being empowered to protect your fundamental right to privacy. For example, by knowing how to select strong passwords, recognizing phishing and other scams, and considering what information to share in online interactions.

Why should we put privacy first? And what do we protect when we protect privacy and ensure data protection? We invite you to read the Privacy and data protection as fundamental rights: A narrative, prepared by the Global Privacy Assembly’s Data Protection and Other Rights and Freedoms Working Group. The narrative takes stock of the proliferation of data protection laws and instruments and reinforces a case for adopting a fundamental rights-based approach to data protection and privacy globally.

During Data Privacy Week, we invite you to share social media posts from our accounts on X (@PrivacyPrivee) and LinkedIn (Office of the Privacy Commissioner of Canada/Commissariat à la protection de la vie privée). Add the hashtag #DPW2025 to your posts to join the online conversation.

2025 Campaign Resources

How individuals can put privacy first

1. Whether it’s online or in person, individuals are constantly being asked to provide their personal information. Put your privacy first by applying privacy best practices in your daily life: 10 tips for protecting personal information.
2. Identity theft is one of the harms that can result from the misuse of personal information. Put your privacy first by safeguarding your identity and restricting the availability of your personal information: Identity theft.
3. Some businesses use deceptive design patterns as a way to get individuals to provide more of their personal information, often so that it can be used for purposes such as marketing. Put your privacy first by learning how to recognize the most common types of deceptive design: Beware of deceptive design: Tips for individuals when navigating websites and mobile apps.

How businesses can put privacy first

1. The Personal Information Protection and Electronic Documents Act (PIPEDA) sets the ground rules for how private-sector organizations collect, use, and disclose personal information during for-profit, commercial activities across Canada. Put privacy first by familiarizing yourself with the key responsibilities under PIPEDA: PIPEDA requirements in brief.
2. Integrating a privacy-first approach for your website or mobile app helps to promote the best interests of individuals and build trust in your business. Put privacy first by supporting your customers in making informed privacy choices that are free of influence, manipulation and coercion: Five business best practices to avoid deceptive design.
3. Businesses developing, providing, or using generative AI must ensure that their activities comply with applicable privacy laws and regulations. Put privacy first by applying key Canadian privacy principles: Principles for responsible, trustworthy and privacy-protective generative AI technologies.

How federal institutions can put privacy first

1. Privacy Impact Assessments (PIAs) are a valuable risk management process. Put privacy first by undertaking PIAs at the outset of program development to effectively identify and mitigate privacy risks: OPC’s Guide to the Privacy Impact Assessment Process.
2. Federal institutions that are developing, providing or using generative AI should put privacy first and apply the following key privacy principles for responsible, trustworthy and privacy-protective generative AI technologies.
3. When monitoring employees’ presence in the office or using innovative tools in staffing processes, federal institutions should put privacy first by ensuring respect for privacy rights in their programs and practices: Protecting privacy in the digital workplace.

Events

• Webinar for public servants: Data Privacy Day 2025: A Guide to Managing Privacy in Contracting (January 20, 2025)
• Webinar: “Top of Mind” Data Privacy Webinar, hosted by the Office of the Information and Privacy Commissioner of Saskatchewan (January 31, 2025)
  The Privacy Commissioner of Canada will be one of the panelists.

Videoconference background

Use our DPW2025 videoconference and desktop background.