Chapter 4

Privacy — Data Protection

Personal Info


(i) Age, name, income, ethnic origin.
(ii) Opinion, comments, social status.
(iii) Existence of a dispute between consumer and merchant.

Whether you conduct business online or offline, you have access to people's personal information. Privacy is important to them, but it's becoming harder to protect in an increasingly digital marketplace. The Personal Information Protection and Electronic Documents Act (PIPEDA) provides rules for how to collect, use and disclose this information.

Privacy laws in Canada seek to create a balance between your need to collect personal information and an individual’s right to maintain their personal privacy.


The Basics

(i) You need consent to collect, use or disclose personal information.
(ii) When using information, you must only do so for the purpose to which the individual has consented.
(iii) Regardless of consent, you have to limit the collection, use and disclosure of information to what "a reasonable person would consider appropriate in the circumstances."
(iv) Individuals must have the ability to access the information they have provided and make changes or correct mistakes.

As a business held accountable by the law, you should organize a “privacy plan” to assure your customers that their information is responsibly managed. PIPEDA states that you as the business owner are responsible for your privacy decisions. You’re required to protect the information you access.

The best way to protect yourself, gain consent and inform your clients is to implement a well-designed privacy policy. The link to this document should be visible and accessible on your online store. Any promises you make in this policy create a contract to which both you and your customer are bound. You need to be conscious of your privacy policy to make sure you comply with the promises you make. Some of the information that needs to be provided is actually controlled by the e-commerce platform you choose (such as storage or security). When deciding on a platform, pay attention to how they integrate their privacy policy, and see what sort of guidance they provide for preparing the clauses for your own policy.

Privacy Policy

Required Content

(i) What will be collected?
(ii) How will it be used?
(iii) How will it be stored?
(iv) What security measures are in place to protect the information?
(v) How long is information kept?
(vi) Will the information be shared?
(vii) How can they get in touch?

The Office of the Privacy Commissioner is an excellent and interactive resource to help you comply with important federal privacy law. In addition to clearly labeled information, there are interactive quizzes that provide tailored assessments and plans for your business. As an online shop owner, you should stay informed and use the resources provided to you by the Privacy Commissioner so that the information you receive is secure and used appropriately. Respecting personal information can help build a strong and competitive foundation for your customer relations.

Privacy Policy Generator

Coming up with your first privacy policy can be challenging, so we've created a handy tool that generates your own custom privacy policy with the click of a button.
