Canadian privacy laws are markedly different than those in the United States. Unlike the United States, Canada has comprehensive privacy laws that cover all aspects of personal information handling including both the public and private sector. An important point to understanding is that Canadian laws are based on 10 privacy principles. These include: being accountable, identifying the purpose for the collection, collecting only that which is necessary, obtaining consent, limiting use and disclosure, safeguarding the information, keeping the information only for as long as necessary, begin open and transparent about what you do with the information, and providing a mechanism for people to challenge your information handling practices.
Lastly, Canadian laws are enforced by Privacy Commissioners who have powerful rights of investigation. Some argue that their enforcement sanctions are not as severe as in some European countries, but there is a movement afoot in Canada to add monetary fines for non-compliance. And, just because an organization may be located outside of Canada does not mean that they don’t have to comply. The Federal Court of Canada has already ruled that Canadian privacy laws extend beyond the borders and must be followed by any organization dealing with the personal information of Canadians.