On January 1, 2004, the Personal Information Protection and Electronic Documents Act (PIPEDA) came into force across Canada governing all commercial transactions in the country except intra-provincial commercial activities of organizations in a province where the province has enacted substantially similar legislation to the Federal Act. To date, three provinces have substantially similar legislation in place: British Columbia, Alberta and Quebec.
On June 18, 2015, the Digital Privacy Act became law, amending PIPEDA to include a business transaction exemption, mandatory breach notification requirements, enhanced powers for the Privacy Commissioner, and various other updates.
As of November 1, 2018, organizations across Canada subject to the PIPEDA will be required to provide notice of certain privacy breaches. The Breach of Security Safeguards Regulations (“Regulations”) were published on April 18, 2018.
- Member Guide: Privacy Compliance
Blogs & Member Bulletins
- Blog: OPC's new consent guidelines and what they mean for your business
- Blog: Changes to Canada's privacy laws looming - Balancing innovation & privacy
- Blog: The latest on privacy compliance, consumer trends and our privacy world in 2030
- Blog: The Trump effect on Canadian marketing
- Member Bulletin: Marketing impacted by Changes to Federal Privacy Law
Presentations & Webinars
- Webinar: Canada's Breach Regulations - Are you ready?
- Presentation: Why smaller organizations need to understand privacy laws & best practices too
CMA Submissions to Government
- Government Submission: CMA responds to OPC’s ‘Consent and Privacy’ Discussion Paper
Data Privacy Study: What the Canadian Consumer Really Thinks
To better understand Canadian consumer perspectives, the CMA recently participated in a global study conducted by Foresight Factory in 10 countries.
Report & Findings