These notes are designed to help you study smarter — not harder.
Based on the official IAPP textbook and CIPP/C Study Guide, this complete set of notes was created by a Canadian law graduate during her own certification journey.
They condense core legal concepts into clear, structured explanations — ideal for candidates who want to save time without compromising depth.
Clear breakdowns of federal and provincial privacy laws
PIPEDA, Privacy Act, PHIPA, FOIPPA, CASL, and more
30+ exam-oriented tips and practice-style questions to help you apply legal concepts the way the exam expects
Principles of data protection, consent, accountability, and access rights
Summaries of key case law (Facebook, TJX, SWIFT, Equifax, etc.)
Highlights of exam traps and real-world applications
Written in accessible language for non-lawyers
These notes are ideal for candidates who:
Are starting their CIPP/C exam preparation
Want to understand the law before jumping into memorization
Prefer studying with guided explanations and examples
Need a clear, structured alternative to flipping through multiple sources
Use it as your core study companion, or alongside the IAPP materials.
TABLE OF CONTENTS
PART 1 – PRIVACY IN CANADA
1. Privacy concepts
Modern conception of privacy
Models of Privacy Protections
2. Canada’s political system
Canada’s government structure
Levels of Government and Jurisdiction
Branches of Government
Legislative authority in Privacy Law
Legal system
3. Privacy enforcement framework in Canada
Government Institutions That Protect Privacy
Privacy Commissioners and Courts
4. What is personal information
What Is Personal Information?
Types of Personal Information
5. Safeguarding personal information
Standards and Frameworks (Security Governance)
Emerging AI in All Sectors
Video Surveillance and OPC Guidelines
Behavioral Advertising (Online tracking and targeting)
Data Processing Agreements (DPAs)
6. Development of privacy principles
Fair Information Principles (FIP)
OECD Guidelines (1981)
CSA Model (Canadian Standards Association)
GAPP (Generally Accepted Privacy Principles)
7. International privacy
Cross-Border Data Transfers
GDPR (European Union)
APEC
USA
PART 2 – CANADIAN PRIVACY LAWS (PRIVATE SECTOR)
1. Scope of PIPEDA
In Force Since
Purpose
Application
2. The 10 Privacy Principles of PIPEDA (Schedule 1)
Why do these principles matter?
OVERARCHING PRINCIPLE – Reasonableness Standard
PRINCIPLE 1 – Accountability
PRINCIPLE 2 – Identifying Purposes
PRINCIPLE 3 – Meaningful & Valid Consent
PRINCIPLE 4 – Limiting Collection
PRINCIPLE 5 – Limiting Use, Disclosure, and Retention
PRINCIPLE 6 – Accuracy
PRINCIPLE 7 – Safeguards
PRINCIPLE 8 – Openness
PRINCIPLE 9 – Access
PRINCIPLE 10 – Challenging Compliance
3. Substantially Similar Laws (to PIPEDA)
What’s the rule?
Which provinces are covered?
Key Differences Between PIPEDA and Provincial Laws
4. Enforcement of PIPEDA
Complaint process
Other enforcement tools
Important OPC rulings
Court rulings – federal court
5. CANADA’S ANTI-SPAM LAW (CASL)
Scope
Commercial electronic messages (CEMs)
Software installation
PART 3 – CANADIAN PRIVACY LAWS (PUBLIC SECTOR)
1. APPLICABLE LAWS
2. PRIVACY ACT
Application and basis
Directives, Policies and Regulations
Interaction with Access to Information Act (1985)
Public sector obligations under the Privacy Act
Role of the Privacy Commissioner (OPC)
Other obligations
FOIPPAs – Overview of Provincial Public-Sector Privacy Laws
Privacy Act vs FOIPPAs
PART 4 – HEALTH CARE PROVINCIAL ACTS
1. Application and basis
What are provincial PHI laws
What’s the role of PIPEDA
Scope
Special Case – British Columbia
2. Obligations of Health Information Custodians
Necessity of Collecting, Using and Disclosing PHI
Right of access and correction
Oversight and accountability
Meaningful consent before processing
Safeguards and Data breach protocol
Openness & Transparency
Genetic Testing & Privacy