Canadian Data Breach Regulation Lookup
By clicking on a province you agree to the Terms and Conditions.
Federal Privacy Laws
Canada’s foundation for privacy regulation is known as a comprehensive model - meaning privacy regulations stem from federal laws enacted by the government, the Parliament of Canada. There are two main federal laws: the Privacy Act for federal government institutions; and the Personal Information Protection and Electronic Documents Act (PIPEDA) for commercial entities in the private sector. These federal laws are overseen by the Office of the Privacy Commissioner of Canada (OPC).
Province Privacy Laws
Several provinces were granted permission by the Governor in Council to use their “substantially similar” privacy laws instead of PIPEDA. British Columbia, Alberta, and Québec all have their own privacy legislation that addresses the private sector. Some provinces have laws that replace only portions of PIPEDA. For instance, Ontario, New Brunswick, Newfoundland, and Labrador have privacy legislation specifically covering health information, while other provinces address employee information or specific industry sectors. These provincial laws are overseen by each province’s Provincial Commissioner or Ombudsman responsible for privacy legislation.
It is important to note that there are exceptions or variations to the applicability within the private sector of the laws noted above. A few of these include:
- PIPEDA extends to employee personal information and health information only for organizations that are federally regulated, such as banks, airlines, telecommunications, media, et al.
- In provinces that have approved “substantially similar” laws for private sector organizations, PIPEDA may still be the governing law if the personal information crosses provincial or national borders. This is usually determined on a case by case basis.
- Some provinces and territories have health privacy laws that have not been declared substantially similar to PIPEDA. In these cases, PIPEDA may still govern.
- PIPEDA does not apply to not-for-profits, charities, and other organizations not engaged in commercial activity in which case provincial or territorial privacy legislation may apply.
To learn more about the privacy laws in your province or territory, simply click on the map above.