Note: The information provided on this webpage is of a general nature and does not constitute legal advice. Moreover, it addresses only some issues in privacy law. If you have questions about how privacy law applies in a particular situation, you should consult a lawyer.

With the continued growth of the internet and the ever increasing ability of online services to track and 'mine' personal information, the protection of personal information has become a hot topic.

In Canada, data protection in the private sector is governed primarily by the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and substantially similar provincial laws in certain provinces. These statutes regulate the collection, use, and disclosure of personal information by private sector organizations. Organizations that operate wholly within Alberta, B.C., or Quebec are governed by the province's privacy legislation. All other organizations engaged in commercial activities in Canada are subject to PIPEDA.

Public sector organizations are subject to separate privacy legislation. Federally, the Privacy Act governs government collection, use and disclosure of personal information. Each province has its own public sector privacy legislation, usually combined with access to information legislation - e.g., the Ontario Freedom of Information and Protection of Privacy Act. Some provinces (e.g., Alberta, Manitoba, Ontario and Saskatchewan) also have legislation specific to health privacy.

This webpage addresses issues surrounding PIPEDA, privacy in the private sector, and ways to protect your personal privacy while online. Information regarding provincial privacy legislation can be obtained by following the appropriate links under Resources.

For more information on privacy laws, see the Privacy Commissioner of Canada's website. Links to provincial privacy commissioners and relevant legislation are provided under Resources on that site. For information concerning your right to access information held by government organizations as well as private organizations, see CIPPIC's Access to Information User Manual.

FAQs

Resources

Legislation Governing Privacy in the Private Sector

Government Resources

Canadian Non-Government Resources

  • Access to Information User Manual
  • Canadian Access and Privacy Association: The Canadian Access and Privacy Association is a national non-profit organization whose goals are to promote knowledge and understanding of access and privacy laws and experiences in Canada.
  • CSA Model Code for the Protection of Privacy: The Canadian Standards Association (CSA) is a not-for-profit organization which works with business, industry, government and consumers in developing standards address such issues as public privacy, safety and health. PIPEDA's privacy provisions are based on the CSA's Model Code for the Protection of Personal Information.
  • Media Awareness Network: The Media Awareness Network is a Canadian non-profit organization providing a comprehensive collection of materials focusing on media education and internet literacy.
  • PIPEDA On the Web: A collection of information and links about the PIPEDA, including recent news, links to the legal text of PIPEDA, and court decisions that have considered PIPEDA.
  • PrivacyInfo.ca: The site features summaries of all of the Canadian Privacy Commissioner's decisions under the Personal Information Protection and Electronic Documents Act (PIPEDA).
  • Public Interest Advocacy Centre (PIAC): PIAC is a non-profit organization that provides legal and research services on behalf of consumer interests, and, in particular, vulnerable consumer interests, concerning the provision of important public services.

International Resources

  • Electronic Privacy Information Centre (EPIC): EPIC is a public interest research center in Washington, D.C. established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values.
  • Electronic Frontier Foundation: EFF is a donor-supported organization focusing on civil liberties issues related to technology. EEF publishes a comprehensive archive of digital civil liberties information and is one of the most linked-to websites in the world.
  • Federal Trade Commission: Privacy Initiatives: The Federal Trade Commission (FTC) enforces federal consumer protection laws in the United States. The FTC's Privacy Initiatives webpage includes educational resources about protecting privacy and information on Spam, the Do-Not-Call Registry, and identity theft.
  • Privacy International: Privacy International (PI) is a human rights group formed in 1990 by concerned members of more than forty Human Rights organizations from different countries. Based in London, England, with an office in Washington, D.C., PI acts as a watchdog on surveillance by governments and corporations.
  • Global Internet Liberty Campaign.: International coalition of 40 privacy, free speech and human rights groups dedicated to fighting international threats to privacy and free speech on the Internet.
  • Online Privacy Alliance: The Online Privacy Alliance is a coalition of companies and associations committed to promoting the privacy of individuals online.
  • Privacy 2000: The Privacy2000 website is home to comprehensive information about the nationally renowned Privacy2000 conference series. The site also provides links to international news on privacy and security issues, and a headline archive that dates back to 2000.
  • PrivacyExchange.org: PrivacyExchange is an online global resource for consumer privacy and data protection containing a library of privacy laws, practices, publications, websites and other resources concerning consumer privacy and data protection developments worldwide.
  • Privacy Rights Clearinghouse: The Privacy Rights Clearinghouse is a nonprofit consumer education, research, and advocacy program. Their website includes fact sheets on numerous privacy issues, including internet privacy, identity theft, telemarketing, junk mail, medical records, and workplace privacy.
  • WorldLII Searchable Privacy Database: A search engine connected to all of the databases specializing in Privacy and Freedom of Information law available on any of the Legal Information Institutes (LIIs) that are part of WorldLII.

Resources for Small Businesses

Other

  • Privacy.net: Demonstrates and explains the ability of websites to collect and catalog information regarding users.
  • Weekendpictures.ca aims to increase literacy of the impact of sharing personal information within online networked environments.