PIPEDA — Personal Information Protection and Electronic Documents Act · vPIPEDA — S.C. 2000, c. 5 (S…
PIPEDA — Personal Information Protection and Electronic Documents Act — 100% covered.
6 requirements · 6 enforced · 0 designed · 0 advisory · 0 deferred.
Source: Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5. Part 1 + Schedule 1 (the ten fair-information principles, originally CSA Model Code): accountability (4.1), identifying purposes (4.2), consent (4.3), limiting collection (4.4), limiting use/disclosure/retention (4.5), safeguards (4.7), openness (4.8), individual access (4.9). Breach-of-security-safeguards reporting under s.10.1 (in force since 2018).
By category
| Category | Reqs | Enforced | Designed | Advisory | Deferred | Coverage |
|---|---|---|---|---|---|---|
| Accountability + openness (Sch.1 4.1, 4.8) | 1 | 1 | 0 | 0 | 0 | 100% |
| Purpose + consent (Sch.1 4.2-4.3) | 1 | 1 | 0 | 0 | 0 | 100% |
| Limiting collection/use/retention (Sch.1 4.4-4.5) | 1 | 1 | 0 | 0 | 0 | 100% |
| Safeguards (Sch.1 4.7) | 1 | 1 | 0 | 0 | 0 | 100% |
| Individual access (Sch.1 4.9) | 1 | 1 | 0 | 0 | 0 | 100% |
| Breach reporting (s.10.1) | 1 | 1 | 0 | 0 | 0 | 100% |
Every requirement → the KYE™ artefact that enforces it
| ID | Title | Status | KYE™ enforcement |
|---|---|---|---|
| pipeda.sch1-4.1 | Schedule 1, Principle 1 (4.1) — Accountability: an organisation is responsible for personal information under its control and must designate an individual accountable for compliance | enforced | audit_events: kye.compliance.attestation.v1, kye.evidence.decision_map.v1; engines: internal, internal; constitution_refs: constitution/12-PURPOSE-PERMISSION.md, constitution/21-DELEGATED-AUDITABILITY.md |
| pipeda.sch1-4.3 | Schedule 1, Principle 3 (4.3) — Consent: the knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except where inappropriate | enforced | audit_events: kye.purpose.request.v1, kye.purpose.admissibility.v1; engines: internal, internal; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| pipeda.sch1-4.5 | Schedule 1, Principle 5 (4.5) — Limiting use, disclosure and retention: personal information must not be used or disclosed for purposes other than those for which it was collected, and retained only as long as necessary | enforced | audit_events: kye.purpose.admissibility.v1, kye.evidence.tool_call.v1; engines: internal, internal; constitution_refs: constitution/12-PURPOSE-PERMISSION.md, constitution/30-AUDIT-WORM-RETENTION.md |
| pipeda.sch1-4.7 | Schedule 1, Principle 7 (4.7) — Safeguards: personal information must be protected by security safeguards appropriate to the sensitivity of the information | enforced | audit_events: kye.purpose.admissibility.v1, kye.evidence.tool_call.v1; engines: internal; constitution_refs: constitution/12-PURPOSE-PERMISSION.md, constitution/30-AUDIT-WORM-RETENTION.md |
| pipeda.sch1-4.9 | Schedule 1, Principle 9 (4.9) — Individual access: on request, an individual must be told of the existence, use and disclosure of their personal information and given access to it | enforced | audit_events: kye.evidence.pack.v1, kye.evidence.decision_map.v1; engines: internal, internal; constitution_refs: constitution/31-DATA-GOVERNANCE-PACK.md |
| pipeda.s10.1 | Section 10.1 — Breach of security safeguards: report to the OPC and notify affected individuals where a breach creates a real risk of significant harm | enforced | audit_events: kye.signal.incident.opened.v1, kye.compliance.attestation.v1; engines: internal, internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |