Preferred Language

Canada: Personal information Protection and Electronic Documents Act

« Back to Glossary Index

Canada is a country with a strong focus on data privacy and security. The Personal Information Protection and Electronic Documents Act (PIPEDA) is the main federal law that governs data protection and privacy in Canada. PIPEDA sets out rules for how private-sector organizations must handle personal information in the course of their commercial activities.

Under PIPEDA, organizations must obtain an individual’s consent before collecting, using, or disclosing their personal information. Organizations must also provide individuals with information about why their personal information is being collected and how it will be used. Individuals have the right to access and request the correction of their personal information held by an organization.

In addition to PIPEDA, Canada has several sector-specific privacy laws that apply to certain industries, such as healthcare and telecommunications. For example, the Personal Health Information Protection Act (PHIPA) governs the collection, use, and disclosure of personal health information in Ontario.

In November 2020, Canada introduced Bill C-11, which proposes to update and modernize PIPEDA. If passed, the proposed legislation would give individuals more control over their personal information, establish a new data protection authority, and introduce new fines for non-compliance.

It’s important for Canadian organizations to comply with PIPEDA and other applicable privacy laws to protect individuals’ personal information and avoid fines and other penalties. Companies can also benefit from implementing best practices in data privacy and security, such as regularly assessing privacy risks and providing privacy training to employees.

Overall, Canada’s data privacy laws demonstrate a commitment to protecting individuals’ personal information and maintaining trust in the digital economy.

Download this Resource