Things to know

  • Canada broadly regulates the collection, use and disclosure of personal information in the course of commercial activity
  • Canada’s privacy laws apply to organizations collecting personal information of Canadian residents, even if those organizations are located outside of Canada
  • Personal information is defined to cover “information about an identifiable individual”, regardless of whether the information is publicly available
  • Subject to exceptions, consent of the individual is required for any collection, use or disclosure of personal information
  • Even with consent, any collection, use or disclosure of personal information must meet a reasonable person test
  • Additional fair information principles reflected in Canadian privacy laws include: limiting collection, limiting use, disclosure and retention, accuracy, openness, individual access and challenging compliance
  • Canada’s data privacy regulators take an active approach to enforcement

Things to do

  • Localize your privacy policy
  • Compare your current privacy practices (including notice and consent processes) to Canadian requirements
  • Build privacy into the design of your products, services and business processes
  • Ensure that you have documented internal policies and procedures that comply with privacy commissioner “accountability” guidance, including for responding to a data breach