Any private information your Canadian business collects, processes, uses, disseminates, discloses or retains, must be managed and protected with administrative, physical and technical safeguards to comply with applicable Canadian data protection laws.
Rules and principles within Canadian privacy laws govern the collection, use and dissemination of personal information in the public and private sectors.
Federal Privacy Act
Provincial Privacy Act
Federal Act: Personal Information Protection and Electronic Documents Act (PIPEDA)
If provinces have passed substantially similar legislation to PIPEDA, organizations within those provinces do not have to comply to PIPEDA, but must comply with their own provincial acts. The following provincial acts have been declared to be substantially similar:
Sector-Specific Privacy Laws
Some organizations may have sector-specific privacy laws, which they also need to comply with:
In Canada, privacy commissioners or ombudsmen (in provinces which do not have commissioners), oversee the enforcement of these laws to ensure compliance and investigate alleged breaches.
General Data Protection Regulation (GDPR)
As of May 25, 2018, the European Union's GDPR may also apply to your organization, if you:
Copyright © iPP Consulting. All rights reserved