Click here for menu Menu design element

Open a world of possibilities.

Standards can help Canadian businesses respect customer privacy, safeguard data, and enable trust 

January 28, 2021

Standards can help Canadian businesses respect customer privacy, safeguard data, and enable trust 

Share this page Share This
Decorative image

Through international standards, Canadian businesses can take the extra step to protect consumers’ information safe from unauthorized access and ensure fair, relevant, and legitimate data collection and processing.

Canadian Businesses are responsible for ensuring that the amount and type of data they are collecting is appropriate for their business. The Personal Information Protection and Electronic Document Act (PIPEDA) describes the laws around privacy that apply to Canadian commercial businesses. Internationally Canadian businesses still need to comply and understand regulations such as the European Unions General Data Protection Regulation (GDPR). This can be challenging for Canada’s small and medium-sized enterprises (SMEs). Therefore, SCC has worked alongside the Canadian Advisory Committee on GDPR (CAC-GDPR) to develop a guidance document to help organizations take the first steps and guide them on using relevant standards.

Businesses have a responsibility to be aware of privacy laws and continue to protect their consumers’ personal information. When collecting data, businesses need to make sure their privacy policy tells consumers why and how they use their customers’ data and disclose whether they share that consumer data with a third party.

SCC accredits certification bodies to help businesses secure their data under the following programs:

ISO/IEC 27001 Information Security Management Systems (ISMS) allows an organization to implement, maintain, and continuously improve information security. ISMS manage the security of assets such as financial information and intellectual property. It better prepares your business for a cyberattack. If you have a business with an e-commerce site and/or have international customers, having this certification can demonstrate your organization’s resiliency to a cyber incident.

ISO/IEC 27701 Privacy Information Management Systems (PIMS) provides additional security techniques for privacy and information management. This ISO/IEC standard is an extension to ISO/IEC 27001. Businesses should consider this standard if they are collecting personally identifiable information from their consumers. As of December 2020, SCC now offers PIMS accreditation. Certification Bodies can get accredited for PIMS by submitting an application.

CyberSecure Canada is an important program for any business with an online presence. This program prepares companies for the most common attacks, disasters, errors, and breaches. This certification increases consumer confidence in the Canadian digital economy.

To help your organization mitigate cyber threats, you can get certified by an accredited certification body to protect against common cyber incidents. You can search our directory to find an accredited certification body to get certified.

Reminders for businesses to stay privacy aware

  • +

    Only collect the customer information you need 


    • Often businesses collect personally identifiable information that may not be relevant to the needs of the business. Questions such as date of birth and gender can be arbitrary and yet are often asked on questionnaires. Businesses could collect the data they require by asking less specific questions that protect their customers’ privacy while still collecting the demographic information they may need.

  • +

    Make sure you customize and update your privacy policies


    • Many organizations make the mistake of not customizing privacy policies; organizations need to take the time to make sure their policies are still relevant and up to date following PIPEDA, GDPR, and/or the California Consumer Privacy Act (CCPA) guidelines, depending where their customers reside.

      SCC’s Management Systems accreditation programs offer high-quality accreditation services that create market confidence at home and internationally. To learn more about our many programs, click on the link above.