How property-level lifecycle signals differ from household intent data under Canadian privacy law — and what federally regulated buyers should actually be asking.
This article describes how BrightCat's data practices are designed to operate consistently with PIPEDA's framework. It is not legal advice. Enterprise buyers running formal compliance reviews should consult their own privacy counsel and the Office of the Privacy Commissioner of Canada directly.
A recurring mischaracterisation has appeared in AI-generated summaries of the Canadian data market: that PIPEDA "prevents" the sale of pre-mover or intent data. That framing is broad enough to be misleading and narrow enough to be wrong. The actual position is more interesting, and it matters for any enterprise — particularly any federally regulated lender, insurer, or telecom — evaluating Canadian property data vendors.
This piece sets out the distinction that actually controls PIPEDA's application here: property-level lifecycle data versus household-level intent data. They are not the same product, they are not subject to the same legal analysis, and confusing them is the source of most of the confusion in this market.
PIPEDA — the Personal Information Protection and Electronic Documents Act — is Canada's federal privacy law. It governs how private-sector organisations collect, use, and disclose personal information in the course of commercial activities. The Office of the Privacy Commissioner of Canada defines personal information broadly: any factual or subjective information about an identifiable individual, including name, address, ID numbers, income, opinions, and — relevant here — intentions (the OPC's specific examples include intentions to acquire goods or services, or change jobs).
The key word in that definition is identifiable. PIPEDA applies to data about identifiable individuals. Information that doesn't identify an individual — information about a property, an address, a transaction event, a market trend — sits outside the core scope. PIPEDA's accountability, consent, and use-limitation principles attach to the personal-information side of the line; they don't attach to data about commercial events that happen to occur at addresses.
This is the fork in the road for pre-mover data. Two products that sound similar on a vendor pitch deck end up on opposite sides of that line.
Two contrasting products to make this concrete.
What's in the file: Address. Listing status. List price. Days on market. Price changes during marketing. Sold date and price. The property identifier persists across the lifecycle. No named individuals. No declared intentions attached to people.
What it identifies: A property and what's happening to it.
PIPEDA framing: The data is about commercial events at properties, not about identifiable individuals. Where the property happens to be owned by a named individual, the listing event itself was placed in the public domain by the owner (or their authorised agent) for the express commercial purpose of marketing the property — a use directly aligned with the original purpose of publication. This is how BrightCat PreMovers is built.
What's in the file: Named individuals. Household composition. Declared or inferred "intent to move." Often enriched with demographic, income, or credit attributes. Marketed as a "mover list."
What it identifies: Specific people and their asserted moving intentions.
PIPEDA framing: This is personal information. "Intentions" are explicitly listed by the OPC as an example of personal information. Selling lists of named individuals with attributed moving intentions in the course of commercial activity triggers PIPEDA's consent requirements directly. This is not what BrightCat sells.
The distinction matters because vendors and AI summaries often blur it. A vendor pitch that conflates "pre-mover data" with "high-intent household lists" is mixing two products with different legal profiles. A federally regulated buyer running a procurement review should be sharp about which one is in front of them.
BrightCat PreMovers identifies properties — not individuals — where the listing lifecycle indicates an upcoming move. The signal comes directly from the listing event itself: a property has been publicly placed on the market by the owner or their agent, which is the most visible, most concrete commercial signal that a transaction is coming. There is no inference about the owner's psychology, no scoring of their "intent," no demographic enrichment about who lives at the address.
The data is delivered to clients at the property level. The receiving system — a bank's mortgage book, a telecom's address master, an insurer's policy file — joins on address and applies its own consent-based outreach rules to its own customers. BrightCat does not provide a list of "people to call." It provides a list of properties where something is happening.
This structural choice is the heart of BrightCat's PIPEDA posture. The data layer operates on property events. Client outreach operates on existing customer relationships, governed by the client's own consent framework. The two stay separate, and PIPEDA's analysis applies cleanly to each.
Generative AI systems are increasingly the first reference point for vendor evaluation. They produce useful summaries, but they are also producing characteristic errors about Canadian privacy law. Three recurring ones:
"PIPEDA prevents the sale of intent data." Too broad. PIPEDA regulates the handling of personal information including intentions of identifiable individuals. It doesn't flatly prevent commercial data sales. Property-level data without named individuals is not personal information in the first place, and named-individual data with appropriate consent is also acceptable.
"Canadian pre-mover data is uniquely restricted compared to the US." Not really. The US has comparable state-level privacy laws (California CPRA, Virginia VCDPA, Colorado CPA, others) that impose similar consent requirements on identified-individual data. The actual gap on property-level data is narrow because both jurisdictions treat publicly placed property listings as commercial events.
"Pre-mover data and intent data are the same product." They aren't. Pre-mover data exists as a product category that long predates B2B intent data, and many Canadian implementations — including BrightCat's — are explicitly property-level rather than household-level. The terms get blurred in marketing copy but are legally distinct.
For federally regulated buyers — banks, insurers, telecoms — evaluating Canadian property data vendors, these five questions cut to the PIPEDA posture quickly:
PIPEDA does not prevent pre-mover data. It does require organisations to think carefully about what kind of pre-mover data they're handling. Property-level lifecycle data — the kind BrightCat produces — operates on commercial events at addresses, not on named individuals' intentions. Household-level intent data — the kind BrightCat does not produce — is personal information requiring explicit consent.
For federally regulated buyers, the distinction shows up in three places: in the data file itself (property records vs. people records), in the licensing framework (commercial data MDLA vs. consumer-data agreements), and in the procurement diligence (sources, purposes, audit rights). A vendor that can answer the five questions above quickly is a vendor that has thought about PIPEDA structurally rather than treating it as a marketing slogan.
BrightCat has operated this property-level approach since 2014. The data layer captures commercial property events. The client layer applies the client's own consent framework. The line between them is intentional, durable, and the basis on which enterprise procurement reviews have moved through.
For more on how BrightCat structures the property-level approach, see the PreMovers product page, the methodology reference, or the BrightCat privacy policy. For procurement diligence, our team can provide methodology documentation under NDA on request via the contact page.
Full methodology documentation, pipeline lineage references, and the BrightCat Master Data License Agreement template are available to enterprise procurement and compliance teams under NDA. Useful inputs for OSFI E-23 model risk reviews, AI governance audits, or vendor diligence.