PIPEDA and Tenant Data: What Canadian Property Managers Must Know

Published: June 20, 2026

General guidance only — not legal advice. Confirm specifics with your own counsel.

Yes. Because leasing residential property is a "commercial activity," PIPEDA governs how private-sector landlords and property managers collect, use, and store tenant data — unless you operate in BC, Alberta, or Quebec, which have their own substantially-similar privacy laws. The core duties: collect only what's necessary, get meaningful consent, never require a SIN, and report serious breaches.

There is a tension every Canadian property manager running self-showings knows well: the instinct to demand hard ID before handing over a lockbox code is sound — scammers and squatters are real. But the moment that instinct tips into over-collection, Canadian privacy law draws a firm line. In our discovery calls with property managers, more than a quarter named scammers or squatters grabbing lockbox codes as a leading self-showing concern. The instinct to fix that by demanding more personal data is precisely where PIPEDA pushes back. One operator told us a prospect balked the moment a screening tool demanded a sensitive ID number with no explanation — exactly the consent failure PIPEDA is built to prevent.

This guide walks through what the law actually requires, what crosses the line, and what a compliant leasing workflow looks like in practice — from application to signed lease.

Does PIPEDA apply to Canadian landlords and property managers?

Yes. The Office of the Privacy Commissioner of Canada (OPC) has confirmed that leasing residential property is a "commercial activity," which brings it squarely under PIPEDA's scope for private-sector organizations. That applies whether you manage a dozen doors or a large residential portfolio.

Two categories fall outside PIPEDA's reach: purely personal, non-commercial landlording arrangements (renting a basement suite to a family member with no profit motive, for instance) and employee data, which is governed differently. Property management operations — where leasing is the core business activity — are covered.

The federal law does not operate everywhere in Canada, though. Three provinces have passed their own legislation, and understanding which law applies to you is the starting point for any compliance review.

Which privacy law applies to you: PIPEDA, or your province's own law?

PIPEDA is the federal default, but BC, Alberta, and Quebec each have substantially-similar private-sector privacy laws that govern in-province commercial activity instead of PIPEDA. Quebec's regime, updated under Law 25, is the strictest of the three.

| Where you operate | Governing privacy law | Notes |
| --- | --- | --- |
| Federal default (most provinces/territories) | PIPEDA | Applies to commercial collection of tenant data |
| British Columbia | PIPA BC | Substantially similar; governs in-province activity |
| Alberta | PIPA Alberta | Substantially similar; governs in-province activity |
| Quebec | Quebec's Law 25 | Modernized private-sector act (formerly Bill 64); strictest |

If you manage properties across multiple provinces, the law that applies follows the activity, not your head office. A PM based in Ontario leasing units in BC is subject to PIPA BC for that BC activity.

What tenant data are you actually allowed to collect — and what crosses the line?

PIPEDA's Limiting Collection principle is the governing test: collect only what is necessary for a specific, identified purpose related to the tenancy. The OPC's Schedule 1 sets out ten fair-information principles that any leasing workflow is measured against:

  • Accountability — your organization is responsible for personal information it holds
  • Identifying purposes — state why you need data before or at the point of collection
  • Consent — get meaningful consent for collection, use, and disclosure
  • Limiting collection — collect only what's necessary for that stated purpose
  • Limiting use, disclosure, and retention — use data only for the purpose collected; discard when done
  • Accuracy — keep personal information accurate and up to date
  • Safeguards — protect personal information with appropriate security measures
  • Openness — make your privacy policies and practices available
  • Individual access — applicants have the right to access their own data and challenge its accuracy
  • Challenging compliance — applicants can raise concerns with a designated privacy officer

In practice: collecting a name, contact details, employment and income information, and a consented credit check is fine — those are necessary for a residential tenancy decision. Vacuuming up sensitive identifiers, copies of government ID beyond what verification requires, or data fields that serve no stated tenancy purpose crosses the line. The question to ask before every field on your application form is: "Could we make this tenancy decision without this?"

Can you require a tenant's Social Insurance Number for screening?

No. The OPC's guidance is explicit: a landlord must not require a Social Insurance Number from a rental applicant. The SIN is a sensitive identifier collected for tax and government benefit purposes — it is generally unnecessary to establish identity or creditworthiness for a tenancy, and collecting it creates a significant data-protection liability for your organization.

Critically, you must offer an alternative means of identity verification rather than denying service to an applicant who declines to provide a SIN. Refusing an application solely because a prospect won't hand over their SIN is itself a PIPEDA violation.

This is exactly the moment the operator described above lost a prospect: a screening tool demanded a sensitive ID number with no explanation of why it was needed or what alternatives existed. No explanation, no alternative, no consent — three strikes in a single form field.

What does "meaningful consent" actually require before you screen someone?

PIPEDA's Consent principle requires that the person understand — in plain language, before you collect anything — what you are collecting, why you are collecting it, and who will have access to it. Burying that information in fine print after the applicant has already submitted their details does not meet the standard.

For a residential screening workflow, meaningful consent looks like:

  • A clear, plain-language notice at the top of the application form identifying what data will be collected and for what purpose
  • An explicit statement that a credit check will be run, through which bureau, and what information that check requires
  • An option to provide an alternative identity verification method when a sensitive field is declined
  • An explanation of how long the data will be kept and when it will be destroyed

The failure mode is the surprise demand: asking for a sensitive identifier mid-process with no prior notice and no stated reason. That is not consent — it is the scenario PIPEDA was built to prevent.

How do PIPEDA rules collide with ID-verified self-showings and online screening?

This is where the over-collection instinct and the privacy guardrail meet head-on. More than a quarter of the property managers we spoke with named scammers or squatters obtaining lockbox codes as a leading self-showing concern. The impulse is to demand more ID. The law's answer is to demand the right ID, for the right reason, with the right consent.

Verification done within PIPEDA's framework means collecting identity for a specific, stated purpose — releasing access to a unit for a showing — with clear upfront consent, and retaining that data only for as long as that purpose requires. It does not mean building a standing file of sensitive identifiers for every prospect who ever requested a self-showing.

The resolution is purpose-built verification: the prospect is told exactly what identity information is collected, why (to confirm they are who they say they are before a lockbox code is issued), and how briefly it is held. That satisfies both the limiting-collection and meaningful-consent principles — and it stops the scammer/squatter problem at the same time. LetHub is one example of how ID-verified self-showings can be structured this way — collecting only what a verify-to-unlock flow requires, with consent built into the process, rather than a blanket ID sweep on every prospect.

For a deeper look at how self-showings work within Canadian tenancy law, see our guides on Canadian self-showing rules by province and how ID-verified showings prevent rental fraud.

How long can you keep tenant data, and when must you destroy it?

PIPEDA's Limiting Use, Disclosure, and Retention principle is clear: keep personal information only for as long as it serves the purpose for which it was collected — then securely destroy it.

For residential leasing, that means:

  • Declined applicants: their data should not live indefinitely in your system. Set a defined retention window — many organizations use 30–90 days post-decision — and then securely delete it, including from backup systems.
  • Active tenants: retain what you need for the tenancy and any legally required landlord-tenant record-keeping obligations, then destroy once those periods lapse.
  • Showing-verification data: once the showing has occurred and the purpose is fulfilled, the identity data collected for access should be purged. It does not need to sit in a database indefinitely.

"Secure destruction" means more than checking a delete box in your software — it means ensuring the data is unrecoverable and that backups containing it are handled consistently with your retention policy.

What happens if tenant data leaks: do you have to report the breach?

Yes, and the obligation is statutory. Under the Breach of Security Safeguards Regulations, breach reporting to the OPC has been mandatory since November 1, 2018 for any breach that poses a "real risk of significant harm" to the individuals affected. This is not optional, and most property managers are unaware the hard deadline has been in effect for years.

"Real risk of significant harm" is interpreted broadly — it includes risk of identity theft, financial loss, reputational damage, and humiliation. A breach involving tenant SINs, credit report data, or government ID copies would almost certainly clear that bar.

The reporting obligation has two branches: notify the OPC and notify the affected individuals. You must also maintain records of all breaches — even those that do not meet the "real risk" threshold — for at least two years. None of this is a reason to avoid collecting data carefully in the first place; it is a reason to treat the Safeguards principle as a genuine operational responsibility, not a checkbox.

What does a PIPEDA-compliant leasing workflow look like in practice?

The ten principles map directly onto the leasing funnel. Here is what good looks like at each stage:

  1. Inquiry: state your privacy practices upfront — who you are, what your privacy policy covers, how to reach your designated privacy officer. Do not wait for the application form.
  2. Application: present a plain-language consent notice before collecting any data. Identify the purpose (tenancy decision), the data required, the credit bureau you use, and the retention period. Get explicit consent before proceeding.
  3. Screening: collect only what the tenancy decision requires — name, contact, income/employment proof, and a consented credit check. Do not ask for a SIN. If any sensitive field is declined, offer an alternative verification path rather than rejecting the application outright.
  4. ID-verified showing: verify identity for the specific, stated purpose of releasing unit access. Disclose this purpose, get consent, and set a short retention period tied to the showing. Purge once the showing is complete.
  5. Decision: record the tenancy decision and the basis for it. Keep only what landlord-tenant legislation requires for that record.
  6. Declined applicants: trigger your retention clock. After your defined window (30–90 days is a common standard), securely destroy their data — including any credit report data you accessed.
  7. Active tenancy: use tenant data only for purposes related to managing the tenancy. Do not share with third parties beyond what the tenant consented to, and do not repurpose it for marketing without separate consent.
  8. Safeguards: maintain appropriate technical and organizational security for any personal information in your systems. Know what data you hold, where it lives, and who has access.
  9. Breach readiness: have a breach response plan before you need it. Know the OPC notification threshold, have a designated contact, and maintain your breach records register.

How do you stay compliant when you screen through Equifax Canada or TransUnion Canada?

Canadian property managers run credit checks through Equifax Canada or TransUnion Canada — the two bureaus operating in this market. Both the OPC guidance and bureau requirements confirm that a credit check requires a name, address, and date of birth. It does not require a SIN.

The compliance obligations stack: get explicit consent before pulling the report; collect only what the bureau actually requires (name, address, DOB); limit what you retain from the report result to what informs the tenancy decision; and apply your retention policy — once the decision is made and any required record-keeping period has passed, securely destroy the credit data you accessed.

This closes the loop on the SIN question above: a landlord who argues they need the SIN for credit screening is mistaken. Neither Equifax Canada nor TransUnion Canada requires it for a standard residential tenancy credit check. Asking for it anyway is an unnecessary collection with real PIPEDA exposure.

Frequently Asked Questions

Does PIPEDA apply to small landlords?

Yes, if renting is a commercial activity. Property managers and landlords operating for profit are covered; purely personal, non-commercial arrangements may fall outside PIPEDA, but any organized PM operation is captured.

Is PIPEDA federal or provincial?

Federal by default, applying across most of Canada. British Columbia, Alberta, and Quebec have their own substantially-similar private-sector privacy laws that apply in-province instead of PIPEDA.

Can a landlord legally ask for a SIN in Canada?

A landlord can ask, but cannot require it; you must offer an alternative identity-verification method, per OPC guidance. Denying an application solely because a prospect refuses to provide a SIN is a PIPEDA violation.

What tenant information can a landlord collect under PIPEDA?

Only what is necessary for the tenancy decision: contact details, income and employment confirmation, and a consented credit check. Collection beyond that stated purpose violates the Limiting Collection principle.

What is "meaningful consent" under PIPEDA?

The applicant understands what is being collected, why it is being collected, and who will have access to it — all of this communicated in plain language, before collection begins.

Do I have to report a tenant-data breach?

Yes, to the OPC, if the breach poses a real risk of significant harm — this has been mandatory since November 1, 2018. You must also notify the affected individuals and maintain breach records for at least two years.

How long can a property manager keep applicant data?

Only as long as necessary for the stated purpose, then securely destroy it. A common practice for declined applicants is a 30–90-day retention window, after which all data — including credit report results — should be purged.

What data does a Canadian credit check actually need?

Name, address, and date of birth — not a SIN — through Equifax Canada or TransUnion Canada. Requiring a SIN for a standard residential credit check has no basis in what the bureaus actually need.

Is Quebec's privacy law different?

Yes. Quebec's Law 25 is the strictest private-sector privacy regime in Canada and applies in-province instead of PIPEDA. Property managers operating in Quebec should review their practices against its specific requirements.

Can I do ID-verified showings without violating PIPEDA?

Yes, when verification serves a specific, stated purpose — releasing access to a unit for a showing — with clear upfront consent and short retention. Purpose-built verify-to-unlock is compliant; an undisclosed standing ID sweep is not.

Privacy-respecting ID verification lets you address the scammer and squatter risk that property managers legitimately face without crossing PIPEDA's lines on consent and limiting collection. The two goals are compatible when the process is designed correctly. See how ID-verified showings stop scammers and squatters while keeping you on the right side of Canadian privacy law.

Author: Mark Johnson
