

External Resources
Collation of resources from reputable sources on privacy to better inform your practices.
Select your jurisdiction
United Kingdom
The UK’s independent data protection regulator is the Information Commissioner’s Office (ICO). The ICO enforces data protection laws, provides guidance, and offers tools to help businesses comply with UK data protection regulations.
- Key Compliance Requirement: Data Protection Fee
Did you know that under the Data Protection (Charges and Information) Regulations 2018, most businesses and sole traders that process personal information must pay an annual data protection fee to the ICO, unless they qualify for an exemption?
Check if you need to pay and how to register
Canada
Canada’s federal privacy regulator is the Office of the Privacy Commissioner of Canada (OPC). Each province may also have its own privacy laws and enforcement bodies for businesses operating locally.
- Key Compliance Requirement: Privacy Laws
Businesses operating in Canada must comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) if they collect, use, or disclose personal information during commercial activities.
If you operate in Alberta, British Columbia, or Québec, additional provincial privacy laws may apply:
• Alberta: Personal Information Protection Act (PIPA)
• British Columbia: Personal Information Protection Act (PIPA)
• Québec: Act Respecting the Protection of Personal Information in the Private Sector (Law 25)
Do you need to comply with PIPEDA? Find out here.
United States
The US does not have a single federal privacy regulator, but different agencies oversee privacy and data protection, depending on the sector. Key agencies include:
• Federal Trade Commission (FTC) – Enforces consumer privacy laws and unfair/deceptive business practices.
• Consumer Financial Protection Bureau (CFPB) – Oversees financial data privacy.
• Department of Health & Human Services (HHS) – Regulates health data through HIPAA.
- Key Compliance Requirement: State Laws
Unlike other countries, the US has state-specific privacy laws that may apply to businesses collecting personal information:
• California: California Consumer Privacy Act (CCPA) / CPRA – Gives residents control over their personal data.
• Virginia: Virginia Consumer Data Protection Act (VCDPA)
• Colorado, Connecticut, and Utah have similar laws coming into effect.
Does your business need to comply? Use the CCPA Compliance Guide for California or check your state’s specific laws.
Australia
Australia’s federal privacy regulator is the Office of the Australian Information Commissioner (OAIC), which enforces national privacy laws and provides compliance guidance.
- Key Compliance Requirement: Privacy Act 1988
Most Australian businesses must comply with the Privacy Act 1988 and the Australian Privacy Principles (APPs) if they collect personal information.
Does your business need to comply? The Privacy Act generally applies to:
• Businesses with annual revenue of $3 million or more
• Any business handling sensitive information (e.g., health data)
• Small businesses that trade in personal information
Check if the Privacy Act applies to you.