Privacy & Data Protection

On January 1, 2004, privacy laws came into force across Canada governing all commercial transactions in the country except intra-provincial commercial activities of organizations in a province where the province has enacted substantially similar legislation to the Federal Act. To date three provinces have substantially similar legislation in place: British Columbia, Alberta and Quebec.

On June 18, 2015, the Digital Privacy Act became law, amending PIPEDA to include a business transaction exemption, mandatory breach notification requirements, enhanced powers for the Privacy Commissioner, and various other updates.
Like the privacy provisions in Section J of the CMA Code of Ethics and Standards of Practice, the federal law addresses major themes – the collection, use and disclosure of personal information – and is structured according to these basic principles.

PIPEDA & Compliance


The General Data Protection Regulation (GDPR) is a regulation by which the European Union (EU) intends to strengthen and unify data protection for all individuals within the EU It also addresses the export of personal data outside the EU. This regulation comes into effect in 2018 and will have an impact on many businesses around the world. 

Other Resources

On January 1, 2004, Canada's new privacy laws came into effect, changing the way all Canadian organizations handle commercial transactions and customer information. CMA has led the industry in privacy education to ensure that organizations are compliant with the new legislation.

Federal & Provincial Government Institutions

Regulations, Guidelines & Other Useful Information

International Links