Canada's main private-sector privacy law is PIPEDA, the Personal Information Protection and Electronic Documents Act, overseen by the Office of the Privacy Commissioner of Canada. It governs how businesses collect, use and disclose personal information in the course of commercial activity. This is a plain-English overview, not legal advice.
PIPEDA generally applies to private-sector organisations that collect personal information during commercial activity. Some provinces, including British Columbia, Alberta and Quebec, have their own laws deemed substantially similar, which can apply instead within those provinces. If you operate in Quebec, pay particular attention, since its rules are now among the strictest in the country.
For a typical website handling enquiries, signups and orders, PIPEDA principles are the baseline.
PIPEDA is built around meaningful consent. People should understand what you are collecting and why, in plain language, before they hand it over. For sensitive information the expectation of clear, express consent is higher.
On a website that means a readable privacy policy, honest collection notices on forms, and not quietly gathering more than you need.
PIPEDA does not ban storing data outside Canada, but you stay accountable for it and you should be transparent about transfers in your privacy policy. If your hosting is in the United States, your data is subject to US law while it is there.
Knowing where your host stores data lets you describe this accurately and decide whether Canadian hosting suits you better.
HostBible keeps your site fast for Canadian visitors with SSL as standard, so your privacy story starts on solid ground.