What is Bill C-11?

Bill C-11 is a proposed cybersecurity law in Canada that mandates stricter customer data collection consent requirements.

Under C-11 businesses will be required to clearly detail how customer data will be used when collected. 

The primary objective of C-11 is to offer Canadian Citizens greater ownership of their private data. 

There are two primary implications of this reformed hierarchy:

  • Customers must be capable of retracting prior data collection consent within a reasonable time frame.
  • All instances of customer record storage must be permanently deleted when requested by a customer.
  • Organizations must inform customers when they store their personal data.

Key takeaways

  • Check icon
    Bill C-11 has not yet been passed as law.
  • Check icon
    If passed, C-11 compliance will be mandatory for retailers and entities processing customer data in Canada.
  • Check icon
    C-11 aims to reenact the Consumer Privacy Protection Act (CPPA). Because of this, C-11 will share the same penalty for non-compliance as CPPA, which is a fine of up to $10 million, or 3% of global revenue (whichever is greater).
  • Check icon
  • Check icon
Reviewed by
No items found.
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

See UpGuard In Action

Book a free, personalized onboarding call with one of our cybersecurity experts.

More from our blog

Learn more about the latest issues in cybersecurity.
Deliver icon

Sign up to our newsletter

Get the latest curated cybersecurity news, breaches, events and updates in your inbox every week.
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Website Security scan resultsWebsite Security scan rating