Federal (Canada) Privacy Decisions

Browse privacy decisions from Federal (Canada) — with AI-generated plain-language summaries for every ruling.

2 decisions matching

Jurisdiction

Federal (Canada)Ontario British Columbia Alberta Saskatchewan Manitoba Quebec Nova Scotia New Brunswick Prince Edward Island Newfoundland and Labrador

Federal (Canada)Personal Information Protection and Electronic Documents ActNot well-founded

Nov 7, 2003PIPEDA Case Summary #2003-243· Indexed Apr 12, 2026

PIPEDA Case Summary #2003-243 — telecommunications company "B"

A telecommunications company

An individual complained that a telecommunications company failed to obtain adequate consent for the secondary marketing use and disclosure of customer data. The investigation found that the company's privacy code, policy, and customer activation process sufficiently informed customers of its marketing practices and their right to opt-out. The company also complied with CRTC restrictions on disclosing customer information. As a result, the Assistant Privacy Commissioner concluded that the company was in compliance with PIPEDA.

Official ↗

Federal (Canada)Personal Information Protection and Electronic Documents ActWell-founded

Nov 7, 2003PIPEDA Case Summary #2003-244· Indexed Apr 12, 2026

PIPEDA Case Summary #2003-244 — Telecommunications company "A"

A telecommunications company

An individual complained that a telecommunications company failed to obtain proper consent for using and sharing customer data with affiliates for secondary marketing purposes. The company made its privacy policy available online and in distributed documents, but did not actively draw customers' attention to it during the sign-up process, making the information difficult to find. The Assistant Privacy Commissioner found that the company did not make reasonable efforts to inform customers about how their data would be used, leading to a contravention of PIPEDA principles regarding knowledge and consent for secondary uses of personal information.

Official ↗

Outcome Notes

Federal rulings come from two regulators with different statutory authority — outcome filters cover both.

OIC Order (ATIA s.36.1, binding) — Since June 2019 (Bill C-58) the Information Commissioner can issue binding orders requiring disclosure or reconsideration. Enforceable after 31/41 business days unless reviewed by the Federal Court (s.41).

Well-Founded — finding that the complaint is well-founded. For OIC: ATIA s.37(1)(a) finding (may be paired with a s.36.1 order). For OPC: Privacy Act s.35(1) / PIPEDA s.13(1) advisory finding — recommendations only, no binding order-making power.

Not Well-Founded — no contravention found.

s.6.1 Application— the OIC's response to a head's application for authorization to refuse a frivolous, vexatious, or bad-faith access request. Granted = institution may refuse; Denied = institution must respond.

Settled / Resolved / Early-resolved — OPC matter resolved during or before formal findings without a contravention finding.

Declined to investigate / No jurisdiction — Procedural close (Privacy Act s.34, PIPEDA discretion, or scope outside the Acts).

References: ATIA s.36.1 · OPC disposition definitions

About This Archive

Breach of Privacy archives Canadian privacy decisions from federal, provincial, and territorial commissioners. Each decision includes an AI-generated plain-language summary. Always verify against the official source document.

Federal (Canada) Privacy Decisions

PIPEDA Case Summary #2003-243 — telecommunications company "B"

Quick View

PIPEDA Case Summary #2003-243 — telecommunications company "B"

PIPEDA Case Summary #2003-244 — Telecommunications company "A"

Quick View

PIPEDA Case Summary #2003-244 — Telecommunications company "A"

Filters