Book a demo Log in / Sign up

Privacy Disclosure Notice Template for Canada

Generate a bespoke document

  • England and Wales
  • Scotland
  • Northern Ireland
  • Ireland
  • United States
  • Alabama (USA)
  • Alaska (USA)
  • Arizona (USA)
  • Arkansas (USA)
  • California (USA)
  • Colorado (USA)
  • Connecticut (USA)
  • Delaware (USA)
  • Florida (USA)
  • Georgia (USA)
  • Hawaii (USA)
  • Idaho (USA)
  • Illinois (USA)
  • Indiana (USA)
  • Iowa (USA)
  • Kansas (USA)
  • Kentucky (USA)
  • Louisiana (USA)
  • Maine (USA)
  • Maryland (USA)
  • Massachusetts (USA)
  • Michigan (USA)
  • Minnesota (USA)
  • Mississippi (USA)
  • Missouri (USA)
  • Montana (USA)
  • Nebraska (USA)
  • Nevada (USA)
  • New Hampshire (USA)
  • New Jersey (USA)
  • New Mexico (USA)
  • New York (USA)
  • North Carolina (USA)
  • North Dakota (USA)
  • Ohio (USA)
  • Oklahoma (USA)
  • Oregon (USA)
  • Pennsylvania (USA)
  • Rhode Island (USA)
  • South Carolina (USA)
  • South Dakota (USA)
  • Tennessee (USA)
  • Texas (USA)
  • Utah (USA)
  • Vermont (USA)
  • Virginia (USA)
  • Washington (USA)
  • West Virginia (USA)
  • Wisconsin (USA)
  • Wyoming (USA)
  • Austria
  • Denmark
  • France
  • Germany
  • Lithuania
  • Luxembourg
  • Malta
  • Netherlands
  • Poland
  • Portugal
  • Romania
  • Slovakia
  • Slovenia
  • Spain
  • Sweden
  • Switzerland
  • Australia
  • New Zealand
  • Singapore
  • Hong Kong
  • India
  • Malaysia
  • Pakistan
  • United Arab Emirates
  • Qatar
  • Saudi Arabia
  • South Africa
  • Nigeria
  • Canada
  • Brasil
  • Monaco
  • Bermuda
  • Cayman Islands
  • Gibraltar
  • Isle of Man
  • Mauritius

What is a Privacy Disclosure Notice?

A Privacy Disclosure Notice is a mandatory document required under Canadian privacy laws for organizations that collect, use, or disclose personal information in the course of commercial activities. This document must comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) at the federal level, as well as provincial privacy laws where applicable. The notice should be provided to individuals before or at the time of collecting their personal information, written in clear, accessible language, and updated regularly to reflect changes in privacy practices. It serves as a fundamental transparency tool, helping organizations meet their legal obligations while building trust with individuals by clearly communicating how their personal information is handled.

Frequently Asked Questions

Is a Privacy Disclosure Notice legally required for Canadian businesses?

Yes, Privacy Disclosure Notices are legally mandatory under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) for organizations engaged in commercial activities. Provincial privacy laws like Alberta's PIPA and BC's PIPA also require similar disclosures. Failure to provide proper notice can result in significant penalties and compliance violations.

Can I be fined for not having a proper Privacy Disclosure Notice in Canada?

Yes, the Privacy Commissioner of Canada can impose administrative monetary penalties up to $100,000 for individuals and $10 million for organizations under PIPEDA. Provincial privacy commissioners also have enforcement powers including fines and compliance orders. Missing or inadequate privacy notices are considered serious violations of Canadian privacy law.

How does a Privacy Disclosure Notice differ from a Privacy Policy in Canada?

A Privacy Disclosure Notice is a specific point-of-collection document that informs individuals about data collection at the time it occurs, while a Privacy Policy is a broader organizational document outlining overall privacy practices. Under PIPEDA, the disclosure notice must be provided before or at the time of collection, whereas privacy policies can be accessed separately.

How long does it typically take to draft a Privacy Disclosure Notice for Canadian compliance?

A basic Privacy Disclosure Notice can be drafted in 2-4 hours using a template, but comprehensive legal review and customization typically takes 1-2 business days. Complex organizations with multiple data collection points may require several days to ensure all PIPEDA requirements are met and provincial law variations are addressed.

Does my Privacy Disclosure Notice need to comply with both federal and provincial privacy laws in Canada?

Yes, depending on your business operations, you may need to comply with both PIPEDA (federal) and applicable provincial privacy legislation like Alberta's PIPA or BC's PIPA. Federal employees and federally regulated industries must follow PIPEDA, while private sector organizations in provinces with substantially similar laws follow provincial requirements.

Can using a generic Privacy Disclosure Notice template get me in legal trouble in Canada?

Yes, using generic templates without proper customization is a common mistake that can lead to non-compliance with PIPEDA requirements. Each organization's data collection practices are unique, and privacy notices must accurately reflect your specific purposes, retention periods, and disclosure practices to meet Canadian legal standards.

How often must I update my Privacy Disclosure Notice under Canadian privacy law?

You must update your Privacy Disclosure Notice whenever there are material changes to your data collection, use, or disclosure practices as required by PIPEDA. Best practice is to review annually and immediately when implementing new systems, services, or business processes that affect personal information handling.

Reviewed by

Swetha Meenal

Legal Engineer, GenieAI

Swetha Meenal profile photo

A lawyer, legal researcher and legal tech founder, Swetha has built AI products deployed inside Tier 1 firms and enterprises. She ensures GenieAI's alignment with the latest regulation and executes testing on the legal robustness of Genie output.

LinkedIn

Reviewed by

Imad Mohammed Nazar

Legal Engineer, GenieAI

Imad Mohammed Nazar profile photo

A Skadden-trained M&A lawyer, Imad advised on cross-border transactions and contractual risk before moving into legal AI. He reviews GenieAI's output for compliance and enforceability across our 150+ supported jurisdictions, as well as facilitating external benchmarking.

LinkedIn

Jurisdiction

Canada

Reviewed by

Swetha Meenal & Imad Mohammed Nazar

Publisher

GenieAI

Category

Privacy Notice

Sector

Business

Cost

Free to use

Last updated

About the Privacy Disclosure Notice

A Privacy Disclosure Notice is a critical legal document that your organization must provide to individuals when collecting their personal information. Under Canadian privacy law, this notice serves as your primary tool for transparency and compliance, ensuring individuals understand exactly how you handle their personal data. The document must be clear, accessible, and comprehensive enough to meet both federal and provincial privacy requirements across Canada.

When do you need this document?

You need a Privacy Disclosure Notice whenever your organization collects personal information from individuals in the course of commercial activities. This includes when customers create accounts on your website, employees provide personal details during hiring, patients register at healthcare facilities, or clients complete service applications. The notice must be provided before or at the time of collection, whether the information is gathered online, in person, or through third parties. Any organization operating in Canada that handles personal information must have this document in place to comply with privacy laws.

Key legal considerations

Your Privacy Disclosure Notice must include specific mandatory elements to ensure legal compliance. The document should clearly identify what personal information you collect, the purposes for collection and use, who has access to the information, and how individuals can access or correct their data. You must also disclose any third-party sharing arrangements, retention periods, and your organization's contact information for privacy inquiries. The notice must be written in plain language that individuals can easily understand, avoiding legal jargon or technical terms. Additionally, you need to ensure the notice is prominently displayed and easily accessible to data subjects. Any changes to your privacy practices require updating the notice and notifying affected individuals where required by law.

Legal requirements in Canada

Under PIPEDA, your Privacy Disclosure Notice must comply with the principle of openness, which requires organizations to make their privacy policies readily available to individuals. The Digital Privacy Act amendments have strengthened consent requirements, meaning your notice must clearly explain how individuals can provide meaningful consent for data collection and use. Provincial legislation such as Alberta's PIPA and British Columbia's PIPA may impose additional requirements for organizations operating within those provinces. Your notice must also address mandatory breach notification requirements, explaining how individuals will be notified if their personal information is compromised. The document should specify your organization's compliance with Canadian privacy principles including accountability, identifying purposes, consent, limiting collection, limiting use and retention, accuracy, safeguards, and individual access rights.

GOVERNING LAW

Applicable law

This Privacy Disclosure Notice is drafted to comply with Canada law. Key legislation includes:

Personal Information Protection and Electronic Documents Act (PIPEDA): Federal privacy law that governs the collection, use, and disclosure of personal information in the course of commercial activities across Canada. Sets out the ground rules for how businesses must handle personal information.
Digital Privacy Act: Amends PIPEDA to include mandatory breach notification requirements and enhanced consent requirements for privacy notices.
Personal Information Protection Act (PIPA) Alberta: Alberta's provincial privacy legislation that applies to private sector organizations operating within Alberta.
Personal Information Protection Act (PIPA) British Columbia: British Columbia's provincial privacy legislation that applies to private sector organizations operating within British Columbia.
Act Respecting the Protection of Personal Information in the Private Sector (Quebec): Quebec's privacy law that governs the collection, use, and disclosure of personal information by private sector organizations in Quebec.
Canada's Anti-Spam Legislation (CASL): While primarily focused on electronic communications, CASL contains important provisions about consent and information disclosure that may be relevant to privacy notices.
Office of the Privacy Commissioner of Canada (OPC) Guidelines: Guidelines and interpretations issued by the OPC regarding privacy notices and transparency requirements, including guidelines on meaningful consent and privacy notices.

Explore 208,390+ legal templates

Explore 208,390+ legal templates

Genie's Security Promise

Genie is the safest place to draft. Here's how we prioritise your privacy and security.

Your data is private:

We do not train on your data; Genie's AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents and their information

You have full control over your data and who gets to see it