Biometrica Compliance with Canadian Privacy Laws (March 2025)

Overview

Biometrica Systems, Inc. operates fully in compliance with Canadian privacy and data protection laws. While Canada does not have a unified national data protection law, applicable federal, provincial, and municipal regulations govern the collection and use of personal and biometric information. Biometrica’s privacy-by-design architecture, human-in-the-loop process, and partnership model ensure compliance across jurisdictions.

Federal: PIPEDA (Personal Information Protection and Electronic Documents Act)

Applicability

PIPEDA applies to private-sector organizations that collect, use, or disclose personal information in the course of commercial activities, with special provisions for security and law enforcement purposes.

Biometrica Compliance

  • Biometrica does not collect or process consumer data for commercial activities.
  • Biometrica only processes law enforcement-sourced records under authorized partnerships.
  • No biometric identifiers, faceprints or other biometric templates are accessed, retained, transmitted, or stored.
  • All biometric comparisons occur externally via a NIST-approved third-party provider operating within an isolated black box environment.
  • Biometrica’s systems do not access or process personal information subject to PIPEDA unless permitted under the law enforcement exemption.

Quebec: Bill 64 (Act to Modernize Privacy Provisions of Private Sector Act)

Applicability

Quebec’s Bill 64 imposes specific obligations regarding biometrics, consent, and privacy impact assessments (PIAs).

Biometrica Compliance

  • Biometrica’s deployment in Quebec would occur solely under contracts with law enforcement or authorized public safety agencies.
  • Human-in-the-loop verification meets the province’s requirement for additional safeguards in AI and biometric systems. 
  • Biometrica does not use generative AI, and has no access to biometrics. 
  • Biometrica does not perform mass surveillance or engage in general biometric data collection.
  • Privacy Impact Assessments (PIAs) are conducted as part of solution deployment.

British Columbia: PIPA (Personal Information Protection Act)

Applicability

Regulates the collection, use, and disclosure of personal information by private-sector organizations.

Biometrica Compliance

  • Biometrica qualifies for security service and law enforcement partnership exemptions.
  • No biometric identifiers or faceprints are stored, transmitted, or retained.
  • Human analyst verification is mandatory for all alerts, limiting the risk of automated decision-making.

Alberta: PIPA (Personal Information Protection Act)

Applicability

Nearly identical to BC’s PIPA, with equivalent restrictions on biometric data usage.

Biometrica Compliance

  • Biometrica’s systems function exclusively in conjunction with authorized law enforcement or public safety agencies.
  • Human-in-the-loop review and relevance-based alerting prevent indiscriminate biometric processing.
  • The system does not engage in mass surveillance or commercial data collection.

Ontario: Municipal Regulations & Frameworks

Applicability

Ontario lacks a province-wide PIPA equivalent but various municipalities (e.g., Toronto) have introduced governance frameworks restricting or guiding facial recognition use.

Biometrica Compliance

  • Biometrica does not deploy general facial recognition or mass surveillance systems.
  • Sensors do not access, store or transmit biometric templates.
  • The system operates under partnerships with authorized security and public safety agencies.
  • The Toronto Artificial Intelligence Governance Framework aligns with Biometrica’s approach due to its:
    • Human oversight requirement.
    • Accountability and audit processes.
    • Proportionality and minimization principles.

Cross-Jurisdictional Notes

  • Biometrica’s systems follow the principles outlined in Canada’s AI and Data Governance frameworks, including proportionality, necessity, transparency, and human oversight.
  • No biometric gallery exists.
  • Biometrica operates without direct consumer interaction; all users are trained, credentialed law enforcement, authorized security personnel or vetted and credentialed investigators.
  • Biometrica performs Privacy Impact Assessments (PIAs) and would consult with legal counsel where necessary prior to deployment in Canadian jurisdictions.