Canadian PIPEDA
Personal Information Protection and Electronic Documents Act. Federal Canadian private-sector privacy law.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (4)
PIPEDA: Breach of Security Safeguards (Division 1.1)
| Code | Title |
|---|---|
| PIPEDA-10.1 | Report of Breach to the Commissioner |
| PIPEDA-10.1(6) | Real Risk of Significant Harm Assessment |
| PIPEDA-10.1-ind | Notification of Breach to Individuals |
| PIPEDA-10.2 | Notification to Other Organizations |
| PIPEDA-10.3 | Records of Breaches |
PIPEDA: Complaints and Oversight
| Code | Title |
|---|---|
| PIPEDA-11 | Filing of Complaints with the Commissioner |
PIPEDA: Consent and Use (Division 1)
| Code | Title |
|---|---|
| PIPEDA-5(3) | Appropriate Purposes |
| PIPEDA-6.1 | Valid Consent |
| PIPEDA-7 | Collection, Use and Disclosure Without Consent |
| PIPEDA-7.3 | Disclosure for Prospective Business Transaction |
PIPEDA: Schedule 1 Fair Information Principles
| Code | Title |
|---|---|
| PIPEDA-4.1 | Principle 1 - Accountability |
| PIPEDA-4.1.3 | Accountability for Transfers to Third Parties |
| PIPEDA-4.1.4 | Policies and Practices (Privacy Management Program) |
| PIPEDA-4.10 | Principle 10 - Challenging Compliance |
| PIPEDA-4.2 | Principle 2 - Identifying Purposes |
| PIPEDA-4.2.4 | New Purpose Requires New Consent |
| PIPEDA-4.3 | Principle 3 - Consent |
| PIPEDA-4.3.4 | Form of Consent Calibrated to Sensitivity |
| PIPEDA-4.3.8 | Withdrawal of Consent |
| PIPEDA-4.4 | Principle 4 - Limiting Collection |
| PIPEDA-4.5 | Principle 5 - Limiting Use, Disclosure and Retention |
| PIPEDA-4.5.3 | Secure Destruction and Retention |
| PIPEDA-4.6 | Principle 6 - Accuracy |
| PIPEDA-4.7 | Principle 7 - Safeguards |
| PIPEDA-4.7.3 | Categories of Safeguards |
| PIPEDA-4.7.4 | Employee Awareness of Safeguards |
| PIPEDA-4.8 | Principle 8 - Openness |
| PIPEDA-4.8.2 | Required Openness Information |
| PIPEDA-4.9 | Principle 9 - Individual Access |
| PIPEDA-4.9.4 | Access Response Timelines |
| PIPEDA-4.9.5 | Correction and Notation |
Maps to 1 other framework
Frequently Asked Questions
What is Canadian PIPEDA?
Canadian PIPEDA is a compliance framework from Canada with 4 domains and 31 controls. Personal Information Protection and Electronic Documents Act. Federal Canadian private-sector privacy law. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does Canadian PIPEDA have?
Canadian PIPEDA has 31 controls organised across 4 domains. The largest domains are PIPEDA: Schedule 1 Fair Information Principles (21 controls), PIPEDA: Breach of Security Safeguards (Division 1.1) (5 controls), PIPEDA: Consent and Use (Division 1) (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does Canadian PIPEDA map to?
Canadian PIPEDA maps to 1 other compliance frameworks. The top mapping partners are GDPR (68% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with Canadian PIPEDA compliance?
Start your Canadian PIPEDA compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Canadian PIPEDA requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 31 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.
Get Started Free →Free forever — no credit card required