Privacy & Data Protection

On January 1, 2004, privacy laws came into force across Canada governing all commercial transactions in the country except intra-provincial commercial activities of organizations in a province where the province has enacted substantially similar legislation to the Federal Act. To date three provinces have substantially similar legislation in place: British Columbia, Alberta and Quebec.

On June 18, 2015, the Digital Privacy Act became law, amending PIPEDA to include a business transaction exemption, mandatory breach notification requirements, enhanced powers for the Privacy Commissioner, and various other updates.
Like the privacy provisions in Section J of the CMA Code of Ethics and Standards of Practice, the federal law addresses major themes – the collection, use and disclosure of personal information – and is structured according to these basic principles.

PIPEDA & Compliance


Internet of Things: Connected Devices & Autonomous Vehicles


Other Resources

On January 1, 2004, Canada's new privacy laws came into effect, changing the way all Canadian organizations handle commercial transactions and customer information. CMA has led the industry in privacy education to ensure that organizations are compliant with the new legislation.

Federal & Provincial Government Institutions

Regulations, Guidelines & Other Useful Information

International Links