Canuckt AI
Privacy | Federal — Canada | In force January 1, 2004

PIPEDA

Personal Information Protection and Electronic Documents Act

Canada's federal private-sector privacy law

Overview

PIPEDA governs how private-sector organizations collect, use, and disclose personal information in the course of commercial activities. It applies to all businesses operating federally and in provinces without substantially similar legislation. PIPEDA establishes 10 fair information principles that form the foundation of Canadian privacy compliance.

Authority: Office of the Privacy Commissioner of Canada (OPC)
Jurisdiction: Federal — Canada
Effective date: January 1, 2004

Applicability

Who must comply with PIPEDA?

Any private-sector organization that collects, uses, or discloses personal information during commercial activities falls under PIPEDA — including startups, SMBs, and national corporations. Organizations operating only in Alberta, BC, or Quebec may be governed by provincial equivalents instead.

Compliance scope:
Your organization collects personal information
You operate in the applicable jurisdiction
Commercial activities are involved
You use or disclose personal data


Requirements

Key obligations under PIPEDA

Accountability

Appoint a privacy officer and develop privacy policies. You are responsible for all personal information under your control.

Identifying Purposes

State why you collect personal information before or at the time of collection. You cannot use it for undisclosed purposes.

Meaningful Consent

Obtain meaningful consent — express or implied depending on sensitivity — before collecting, using, or disclosing personal information.

Limiting Collection

Collect only the information you need for your stated purpose. No hoarding data "in case it becomes useful."

Breach Notification

Report breaches that create a "real risk of significant harm" to the OPC and notify affected individuals. Records must be kept for 2 years.

Individual Access

Respond to access requests within 30 days. Individuals have the right to see their personal information and correct inaccuracies.

Enforcement

Penalties & enforcement

Maximum penalty: $100,000 per offence
Enforced by: Federal Court of Canada
Notable case: Tim Hortons was ordered to delete app location data collected without valid consent (2022)

How Canuckt keeps you penalty-free:
Runs your full PIPEDA gap assessment in under 3 hours with scored results and remediation priority
Generates PIPEDA-compliant privacy policies, consent forms, and breach notification letters automatically
Tracks your 10 fair information principles posture with a live compliance score dashboard
Manages the 72-hour OPC breach notification clock with auto-drafted incident reports

Run a free PIPEDA gap assessment

Answer 47 questions, get a scored gap report, and see exactly what you need to do to comply with PIPEDA — in under 3 hours. Free forever.
