34 cadres de conformité canadiens, cartographiés

PIPEDA

Office of the Privacy Commissioner of Canada (OPC)

Canada's federal private-sector privacy law

Commission d'accès à l'information du Québec (CAI)

Law 25

Quebec, Canada

Quebec's sweeping privacy reform — Canada's strictest

CASL

Canadian Radio-television and Telecommunications Commission (CRTC)

Canada's anti-spam and electronic consent law

Office of the Information and Privacy Commissioner of Alberta (OIPC)

PIPA (Alberta)

Alberta, Canada

Alberta's private-sector privacy law — substantially similar to PIPEDA

Office of the Information and Privacy Commissioner for BC (OIPC BC)

PIPA (BC)

British Columbia, Canada

BC's private-sector privacy law — recognized as substantially similar to PIPEDA

Federal — Canada (pending)

CPPA / Bill C-27

Canada's GDPR-equivalent — the biggest privacy law reform in 20 years

Office of the Privacy Commissioner of Canada + new Privacy Tribunal

Healthcare

PHIPA

Ontario, Canada

Ontario's health privacy law — governing all PHI custodians

Information and Privacy Commissioner of Ontario (IPC Ontario)

Healthcare

HIA (Alberta)

Alberta, Canada

Alberta's health privacy law for custodians and affiliates

Office of the Information and Privacy Commissioner of Alberta (OIPC)

Healthcare

HIIA (BC)

British Columbia, Canada

BC's modernized health data governance framework

Office of the Information and Privacy Commissioner for BC

Financial

FINTRAC

Financial Transactions and Reports Analysis Centre of Canada (FINTRAC)

Canada's AML/CFT compliance framework

Financial

OSFI B-10

Office of the Superintendent of Financial Institutions (OSFI)

Canada's federal financial institution technology risk framework

Financial

OSFI E-21

Office of the Superintendent of Financial Institutions (OSFI)

Operational risk and resilience for federally regulated financial institutions

AI & Digital

AIDA

Federal — Canada (pending)

Canada's first federal AI regulation law

AI and Data Commissioner (new office, pending)

AI & Digital

Digital Charter

Innovation, Science and Economic Development Canada (ISED)

Canada's 10-principle framework for digital trust

Government

ATIA

Office of the Information Commissioner of Canada

Federal right of access to government information

International (applies globally)

ISO 27001

The international gold standard for information security

International Organization for Standardization (ISO)

International (applies globally)

ISO 27701

The privacy extension to ISO 27001 — mapping to PIPEDA and GDPR

International Organization for Standardization (ISO)

International (AICPA standard)

SOC 2 Type II

The SaaS security standard expected by every enterprise buyer

American Institute of CPAs (AICPA)

International (US origin, globally adopted)

NIST CSF

The cybersecurity risk framework adopted by Canadian enterprises and government

National Institute of Standards and Technology (NIST)

International (applies to all merchants)

PCI DSS

Mandatory security standard for every Canadian business that accepts cards

PCI Security Standards Council