You may not know about the legislation, but you're familiar with the issue it's designed to protect against.
The Personal Information Protection and Electronic Documents Act is designed to protect against data breaches.
A recent breach at hotel firm Marriott affected about 5-million customers.
Known as Pipeda in the information technology industry, there are some updates that have just come into effect.
Local IT solutions company Next Dimension recently hosted a seminar where lawyer Drew Johnson explained the changes.
Johnson says the current law will be updated again next year.
"Canada's Pipeda is currently considered to be adequate under the EU for transfers of personal data, but Pipeda is back up for consideration next year as to its adequacy. So we can expect some additional protection, some additional teeth to be added to Pipeda in the near future."
He says failing to notify in the case of a data breach can be expensive for companies.
"If there's a reasonable risk of significant harm to an individual in a privacy breach then they're mandated to make the report to the Privacy Commissioner's office. If they do not that's when the fines can come into play."
Johnson says a company failing to notify the Privacy Commissioner's office could face at $100,000 fine.
He says the problem is growing rapidly.
"We're seeing data breaches up 50% year over year, so it's an exponential increase. You're seeing massive companies as well as the mid-market and small companies being hit by these breaches and I think it's coming into the collective consciousness that it needs to be taken seriously and I think that it's a remediation issue for a lot of people who've let it escape in their business."
He explains there is nothing in the current legislation mandating data controls.
Johnson adds it has a sliding scale depending on the sensitivity of the data that's involved in the breach.