Making Privacy Laws Work

The federal Personal Information Protection and Electronic Documents Act ("PIPEDA") sets out a number of rules for protecting personal information - defined as "information about an identifiable individual", but excluding employee contact information. These rules are applicable to all organizations that collect, use or disclose personal information in the course of commercial activities, except those operating within the provinces of Quebec, B.C., and Alberta, where organizations are subject to substantially similar provincial laws. These laws require, among other things, that organizations obtain the consent of individuals to any collection, use or disclosure of their personal information, except in specific circumstances such as law enforcement or emergencies. See CIPPIC's privacy law webpage, and the Privacy Commissioner of Canada's website, for more information.

These laws won't be effective unless citizens exercise their rights and demand compliance. If you think that an organization has breached its obligations under privacy law, you should complain to the Privacy Commissioner of Canada (or to the privacy commissioner in B.C., Alberta, or Quebec if the matter involves an organization acting wholly within those provinces). If you would like CIPPIC to assist you with a privacy-related complaint, contact us, with details of your complaint.

See our Privacy Projects page for more information on legislative and caselaw developments.