Privacy-Related


The Office of the Privacy Commissioner of Canada (OPC) oversees compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's federal private-sector privacy law. Organizations covered by PIPEDA must obtain an individual's consent when they collect, use or disclose that individual's personal information. Personal information includes any factual or subjective information, recorded or not, about an identifiable individual, including information in any form, such as:

  • age, name, ID numbers, income, ethnic origin, or blood type;
  • opinions, evaluations, comments, social status, or disciplinary actions; and
  • employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs).

Download: Privacy Commissioner's Final Guidelines on Mandatory Breach Reporting (PDF)

Canada's federal PIPEDA requires organizations that suffer a data breach involving personal information to:

  • Report the breach to the OPC.
  • Give notice of the breach to the affected individual(s).
  • Maintain records of data breaches that affect personal information.

To avoid fines and penalties, organizations will need to understand the basic requirements of PIPEDA. To better understand organizations' obligations, check out the OPC's guidelines on the law.