top of page
  • Writer's pictureDeborah

The Office of the Privacy Commissioner (OPC) defines a privacy impact assessment (PIA) as "a risk management process that helps institutions ensure they meet legislative requirements and identify the impacts their programs and activities will have on individuals’ privacy."


This process is used to determine how a program or service could affect the privacy of an individual.


To give a brief overview of the Canadian regulatory landscape on this aspect:

  • Federal public sector institutions must conduct a PIA to comply with the Privacy Act which sets out requirements for the collection, use and disclosure of personal information by the government.

  • PIPEDA does not require organizations to conduct a PIA, although the upcoming CPPA (the Act that would replace PIPEDA) will require organizations to implement a privacy management program that would likely include such a process.

  • QC Bill 64 requires firms to conduct impact assessments under certain circumstances, including when transferring data outside of Québec and acquiring, developing their IT infrastructure.


Recent Posts

See All

The Secured Overnight Financing Rate (SOFR) is a broad measure of the cost of borrowing cash overnight collateralized by Treasury securities. SOFR is the overnight interest rate for US dollar-denomina

13/06/2023 - Canadian Securities Administrators (CSA) SEDAR+ go-live date. All issuer filings, cease trade orders and disciplined list entries will be filed in SEDAR+ 16/06/2023 - OSFI consultation pe

On May 11, the Bank for International Settlements (BIS) published a Handbook on how central bank digital currencies (CBDCs) could work for offline payments, defined as a “transfer of value between dev

bottom of page