Privacy & Data Protection

On January 1, 2004, the Personal Information Protection and Electronic Documents Act (PIPEDA) came into force across Canada governing all commercial transactions in the country except intra-provincial commercial activities of organizations in a province where the province has enacted substantially similar legislation to the Federal Act. To date, three provinces have substantially similar legislation in place: British Columbia, Alberta and Quebec.

On June 18, 2015, the Digital Privacy Act became law, amending PIPEDA to include a business transaction exemption, mandatory breach notification requirements, enhanced powers for the Privacy Commissioner, and various other updates.

Like the privacy provisions in Section J of the CMA Code of Ethics and Standards of Practice, the federal law addresses major themes – the collection, use and disclosure of personal information – and is structured according to these basic principles.

PIPEDA & Compliance


The General Data Protection Regulation (GDPR) is a regulation by which the European Union (EU) intends to strengthen and unify data protection for all individuals within the EU It also addresses the export of personal data outside the EU. This regulation comes into effect in 2018 and will have an impact on many businesses around the world. 

Internet of Things: Connected Devices, Autonomous Vehicles, etc.

The future is here. The Internet of Things and Connected devices, including smartphones, tablets, connected TVs, appliances and many more, have arrived. Connected machines and objects in factories offer the potential for a 'fourth industrial revolution', and experts predict more than half of new businesses will run on the IoT by 2020.

Federal & Provincial Government Institutions

Regulations, Guidelines & Other Useful Information

International Links