CAN/DGSI 109-2, Privacy - Part 2: Canadian Information Privacy Protection Framework

This standard specifies minimum requirements for organizations that access, collect, use, retain, and disclose personal information, and offers any benefit or consideration regardless of monetary exchange for such benefit or consideration.

The standard aims to provide a baseline framework for organizations seeking to harmonize conformance to the various provincial/territorial, federal, and international legislation and treaties.

The standard is not intended to prescribe how an organization should implement controls. Rather, the standard will guide organizations using jurisdiction and technology agnostic approaches due to differences across industries/sectors. The standard is also not intended to replace existing standards, certifications, policies or processes which presently allow organizations to conduct business at the national and global level.

This Standard applies to all industries/sectors, including public and private companies, government entities, and not-for-profit organizations.

DATE POSTED: April 24, 2025

DEADLINE FOR COMMENTS: July 23, 2025