On January 1, 2004, the Personal Information Protection and Electronic Documents Act (PIPEDA) came into force across Canada governing all commercial transactions in the country except intra-provincial commercial activities of organizations in a province where the province has enacted substantially similar legislation to the Federal Act. To date, three provinces have substantially similar legislation in place: British Columbia, Alberta and Quebec.
On June 18, 2015, the Digital Privacy Act became law, amending PIPEDA to include a business transaction exemption, mandatory breach notification requirements, enhanced powers for the Privacy Commissioner, and various other updates.
As of November 1, 2018, organizations across Canada subject to the PIPEDA will be required to provide notice of certain privacy breaches. The Breach of Security Safeguards Regulations (“Regulations”) were published on April 18, 2018.
- Member Guide: Privacy Compliance
Blogs & Member Bulletins
- Blog: Changes to Canada's privacy laws looming - Balancing innovation & privacy (June 2018)
- Blog: The latest on privacy compliance, consumer trends and our privacy world in 2030
- Blog: The Trump effect on Canadian marketing
- Member Bulletin: Marketing impacted by Changes to Federal Privacy Law
CMA Submissions to Government
- Government Submission: CMA responds to OPC’s ‘Consent and Privacy’ Discussion Paper
Data Privacy Study: What the Canadian Consumer Really Thinks
To better understand Canadian consumer perspectives, the CMA recently participated in a global study conducted by Foresight Factory in 10 countries.
Report & Findings