Skip to main content
All of CanadaUpdated April 2026

Which Privacy Commissioner Handles My Complaint?

A quick decision guide to figure out which federal or provincial commissioner is the right place to file your privacy complaint.

TL;DR

The answer depends on who holds the information. Use the flowchart below: is the organization federally regulated? Is it public sector? Is it a health custodian? Is it in BC, Alberta, or Quebec? Each answer points to a different commissioner.

Start here

Ask yourself:

  • Is the organization a federal government body? -> Office of the Privacy Commissioner of Canada (OPC) under the Privacy Act.
  • Is it a federally regulated business (bank, airline, telecom)? -> OPC under PIPEDA.
  • Is it a provincial or municipal government body? -> Provincial access-and-privacy commissioner under FIPPA/FOIP/ATIPP.
  • Is it a health care custodian? -> Provincial health-privacy commissioner (often the same office) under PHIPA/HIA/HIPA/PHIA.
  • Is it a private-sector business in BC, Alberta, or Quebec? -> Provincial commissioner under PIPA or Law 25.
  • Is it a private-sector business in any other province? -> OPC under PIPEDA.

Common scenarios

Quick answers:

  • Your bank: OPC (PIPEDA).
  • Your hospital in Ontario: IPC Ontario (PHIPA).
  • A federal department: OPC (Privacy Act).
  • A Quebec retailer: CAI (Law 25).
  • Your provincial ministry (Alberta): OIPC Alberta (FOIP).
  • A social media platform: OPC (PIPEDA).
  • A BC employer: OIPC BC (BC PIPA).

Multiple commissioners may apply

An incident can engage multiple regimes. Commissioners sometimes conduct joint investigations. Filing with one can often cover your complaint for all relevant commissioners, but you may also file with each if different aspects apply.

Related topics

Ask AI