Doing Business in Canada: Outsourcing

by Bennett Jones LLP

Most Canadian industries employ a broad range of third party service structures to ensure that certain operations and business processes are performed more efficiently and effectively than customers are able (or even know how) to do themselves. Canada remains at the forefront of such integrated enterprise solutions.

Canada’s federal system provides for distinct law-making jurisdiction between the federal and provincial levels of government. Nonetheless, a combination of federal and provincial laws may apply to aspects of outsourcing transactions.

Federal Law

Canada’s federal law applies throughout Canada in such areas as income tax, intellectual property (IP), evidence and corporate law. Certain businesses may be subject to related federal laws. For example, the Office of the Superintendant of Financial Institutions Act applies to federally regulated enterprises, as do labour and employment standards, and privacy regulations.

Telecom Sector Outsourcing

Licences granted under the Telecommunications Act may be subject to conditions that prevent or restrict an outsourcing transaction. Non-Canadian controlled entities may be restricted from carrying on the business of a telecommunications carrier in Canada. Certain outsourced services of foreign-controlled telecommunications enterprises may be regulated (and, therefore, prohibited) service activities. Call centres are regulated by the CRTC and telemarketers must comply with do-not-call regulations.

Financial Sector Outsourcing

The Office of the Superintendent of Financial Institutions Canada (OSFI) oversees federally regulated financial institutions in Canada. OSFI’s B-10 Guideline applies to federally regulated entities that outsource (or contemplate outsourcing) one or more business activities to a supplier.

Provincial Law

Provincial law covers many outsourcing-related areas such as: contract law; remedies and the enforcement of rights; labour and employment standards; real property; privacy; evidence; and corporate law. Provincial laws regulating outsourcing transactions require that certain corporate records and information be kept (or accessible) within the province. Some provincial privacy and personal health information laws restrict security requirements and public sector outsourcing.

Technology Export Laws

The Export and Import Permits Act (EIPA) may restrict exports of advanced technology (i.e., technical information or software) from Canada. The EIPA requires compliance with the Area Control List (a list of countries for which the control of export of any goods is required) and the Export Control List (a list of specific goods that are controlled for specific purposes).

The EIPA may substantially impact the outsourcing of technical information or software that is specifically regulated. Communication security devices, such as advanced encryption, may be subject to the EIPA. Breach of the EIPA may result in substantial fines, imprisonment and other penalties.

Intellectual Property and Confidentiality Laws

IP aspects of outsourcing transactions in Canada include whether: foreign laws will respect the parties’ contractual intentions; international IP treaties apply; and IP and confidentiality rights are enforceable outside Canada.

Public Sector Outsourcing

All federal government outsourcing procurement is directly managed and administered by Public Works & Government Services Canada. Privacy regulation also applies to outsourcing by federal public sector entities.

Created in 2011, Shared Services Canada oversees the specialized procurement of information technology, communications, data management and related supply chain management issues through a common procurement and back-office infrastructure across many federal government ministries, departments and other agencies.

Provincial laws regulate the procurement of goods and services by provincial public sector entities. Privacy regulation also applies to outsourcing by applicable provincial public sector entities. Provincial sale of goods legislation implies certain conditions and warranties in a contract for the sale of goods, not services, including: reasonable quality; fitness for purpose; conformity to sample; and merchantability.

Outsourcing and Financial Information

Enterprises that outsource financial business or information technology (IT) activities into (or from) Canada must be cognizant of: federal and provincial evidence laws; GAAP standards prescribed by the Canadian Institute of Chartered Accountants; provincial securities commission requirements; and provisions concerning the electronic maintenance of commercial records under the Income Tax Act and Customs Act.

Legal Structures

A wide range of commercial, corporate and legal structures may be used in outsourcing transactions, resulting in different levels of governance, service management and risk management. Traditional outsourcing - involving a services agreement under which the supplier provides a well defined set of services to the customer according to a defined payment schedule - may be evidenced by a  comprehensive agreement or number of documents that address, for example, the service specification; quality and performance obligations; IT operations; dispute resolution; and change of control.

Shared Service Outsourcing

Multiple customers (public or private) may consolidate a common business process, back-office function or other aspect of their infrastructure into a single, commonly utilized entity or operation. This shared service outsourcing provides cost efficiencies and increased production quality.


Customers who have service agreements with different suppliers for specific services must create a central management control facility to monitor and manage service integration among several suppliers.

Joint Venture or Partnership

Where the customer and supplier structure the outsourcing relationship as a joint venture, each party contributes certain assets, technology and capital to the entity performing the services for the customer.

Design, Build, Operate and Transfer

Where the supplier creates the necessary infrastructure to provide the relevant services, the supplier may operate the infrastructure for a period of time on a turn-key basis and subsequently transfer the ownership and operation to the customer.

Outsourcing & Data Protection

While outsourcing is generally permitted, some provinces restrict the extraterritorial transfer of certain public sector personal information. In the private sector, disclosure of information to outsource data processing is generally permitted.

The Personal Information and Electronic Documents Act (PIPEDA) regulates the collection, use and disclosure of personal information for federally regulated commercial entities across Canada. Alberta, British Columbia and Québec have substantially equivalent private sector data protection legislation. Many provinces also have specialized health information legislation governing the disclosure of personal health information that is collected and used through the public healthcare system.

Asset Transfers

A transfer in the ownership of chattels can generally be effected by exchanging consideration for possession. The transferred assets must be grouped into real estate, chattels and intangible property and then all asset classes must be effectively conveyed. A bill of sale may evidence the transfer of title to most chattels. Compliance with provincial laws will ensure that title is properly transferred. National and provincial security interest searches (including lien searches) must also be undertaken.

Confidentiality of Customer Data

Confidentiality obligations regarding customer data are integral to most outsourcing transactions and agreements. They can arise through:

  • PIPEDA and provincial medical records and health information protection laws;
  • Agreements to comply with applicable data protection, privacy and safe-harbour laws outside of the jurisdiction where the outsourcing services will be provided;
  • Third-party and customer contractual and trade-secret confidentiality, non-disclosure and information protection obligations; and
  • Common law or equitable duties of confidence and non-disclosure arising from fiduciary relationships (i.e., joint ventures).

These are primary obligations in outsourcing agreements. Customer records remain the property of the outsourcing party.


Third-party service structures help companies perform more efficiently and effectively. In Canada, many aspects of these outsourcing transactions may be subject to both federal and provincial laws, regulation, public policy as well as common law requirements.

Bennett Jones Procurement & Outsourcing Group

The Bennett Jones Procurement & Outsourcing Group has wide-ranging experience with complicated, long-term product and service contracts. We have extensive experience in drafting complex agreements, preventing or resolving employment issues with outsourced personnel and ensuring that agreements are met. Our firm was lead counsel to Bearing Point and 19 large Ontario hospitals in the structural and commercial organization of the largest health sector outsourcing and shared-service transaction in Canadian history at the time of the transaction.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Bennett Jones LLP | Attorney Advertising

Written by:

Bennett Jones LLP

Bennett Jones LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.