Federal (Canada)Private sector

PIPEDA - Personal Information Protection and Electronic Documents Act

Canada's main federal private-sector privacy law. Sets rules for collection, use, disclosure, safeguarding, access, correction, and mandatory breach reporting where there is a real risk of significant harm.

Read full legislation ->View decisions under this law

Who it applies to

Private-sector organizations in commercial activity where no substantially similar provincial law applies, plus all federally regulated private organizations (banks, airlines, telecoms, etc.) across Canada.

Common issues and topics

consentreasonable purposesaccess and correction requestsbreach reportingsafeguardsaccountability

Regulations made under this Act

Last checked Jun 1, 2026 · List last updated Apr 13, 2026

SOR/2018-64

Breach of Security Safeguards Regulations->

Sets the mandatory breach reporting and notification requirements — the real-risk-of-significant-harm threshold, what goes in the report, and the record-keeping obligation.

SOR/2001-7

Regulations Specifying Publicly Available Information->

Lists categories of personal information that are publicly available for purposes of Schedule 1 consent exceptions (e.g., business directories, professional registers).

SOR/2001-8

Order Binding Certain Agents of Her Majesty->

Extends PIPEDA Part 1 obligations to specified Crown agents that operate in a commercial capacity.

SOR/2003-374

Organizations in the Province of Quebec Exemption Order->

Exempts Quebec private-sector organizations from PIPEDA Part 1 because Quebec's Act respecting the protection of personal information in the private sector is substantially similar.

SOR/2004-219

Organizations in the Province of Alberta Exemption Order->

Exempts Alberta private-sector organizations from PIPEDA Part 1 because Alberta's PIPA is substantially similar.

SOR/2004-220

Organizations in the Province of British Columbia Exemption Order->

Exempts B.C. private-sector organizations from PIPEDA Part 1 because B.C.'s PIPA is substantially similar.

SOR/2004-308

Electronic Alternatives Regulations for Federal Real Property and Federal Immovables Act->

Authorizes electronic formats and signatures for specific real property transactions under the Federal Real Property and Federal Immovables Act.

SOR/2005-399

Health Information Custodians in Ontario Exemption Order->

Exempts Ontario health information custodians from PIPEDA Part 1 to the extent they are subject to Ontario's PHIPA.

SOR/2005-30

Secure Electronic Signature Regulations->

Prescribes the technical standards a secure electronic signature must meet for purposes of PIPEDA Part 2.

SOR/2008-115

Electronic Alternatives Regulations for Canada Labour Code->

Authorizes electronic alternatives to written documents for certain Canada Labour Code obligations (e.g., pay stubs, statements of earnings).

SOR/2011-265

Personal Health Information Custodians in New Brunswick Exemption Order->

Exempts New Brunswick health information custodians from PIPEDA Part 1 to the extent they are subject to N.B.'s PHIPAA.

SI/2012-72

Personal Health Information Custodians in Newfoundland and Labrador Exemption Order->

Exempts Newfoundland and Labrador health information custodians from PIPEDA Part 1 to the extent they are subject to N.L.'s PHIA.

SOR/2016-62

Personal Health Information Custodians in Nova Scotia Exemption Order->

Exempts Nova Scotia health information custodians from PIPEDA Part 1 to the extent they are subject to N.S.'s PHIA.

The summary above is plain-language reference only and is not legal advice. The official consolidated text is maintained by Justice Laws on the official legislation page ->