Canada and the United States are each other’s major commercial partner. Many U.S. companies have Canadian customers and collect and process personal information about Canadians. They must therefore understand Canada’s and its provinces’ regulation of personal data privacy. The Canadian regulation of data privacy is very complex, with a maze of the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial laws and regulations.

In this conversation with Lyndsay Wasser, a Toronto-based attorney at the Canadian law firm McMillan LLP, the Data Privacy Detective asks what cross-border businesses should know about privacy and data security in Canada, as well as looming changes on the U.S.’s northern horizon.

Time stamps:

01:05 - What is the general state of data privacy and security law and regulation within Canada?

02:33 - What does Quebec do differently?

03:18 - Do foreign companies need to consider individual provincial laws in addition to the federal laws?

05:27 - How is the Canadian privacy regime similar to the EU's GDPR? How is it different?

07:14 - What should a US company know if it collects data from Canadian users?

08:16 - How does Canada address data localization?

09:43 - What does the future look like for data privacy law in Canada?

13:06 - What advice would Lyndsay give on the type of guidance companies should seek regarding Canadian data privacy?