CAN/DGSI 109-2:2024

Scope This standard specifies minimum requirements for organizations that access, collect, use, retain, and disclose personal information, and offers any benefit or consideration regardless of monetary exchange for such benefit or consideration. The standard aims to provide a baseline framework for organizations seeking to harmonize conformance to the various provincial/territorial, federal, and international legislation and treaties. The standard is not intended to prescribe how an organization should implement controls. Rather, the standard will guide organizations using jurisdiction and technology agnostic approaches due to differences across industries/sectors. The standard is also not intended to replace existing standards, certifications, policies or processes which presently allow organizations to conduct business at the national and global level. This Standard applies to all industries/sectors, including public and private companies, government entities, and not-for-profit organizations.