Reference
Glossary
Abbreviations, laws, and certifications used on tonia.
- PIA: Privacy impact assessment. Required written document before sending personal information outside Canada (Bill 25, art. 17).
- Privacy Officer: Person responsible for protecting personal information in your organisation. Your official Bill 25 contact — usually a senior leader or delegate (art. 3.1).
- Bill 25: Quebec law on private-sector personal information protection (RLRQ, c. P-39.1). Formerly Bill 64.
- CAI: Commission d'accès à l'information du Québec. The regulator that investigates and sanctions Bill 25 violations.
- CLOUD Act: US law (2018) that lets American authorities compel data from US-headquartered companies — even when the data is stored in Canada.
- Bill 96: Quebec French-language law (Charter of the French Language). Requires services and products to be available in French.
- PIPEDA: Canada's federal Personal Information Protection and Electronic Documents Act. Applies to businesses in Canada outside Quebec.
- GDPR: General Data Protection Regulation. European Union privacy law — the EU equivalent of Bill 25.
- SOC 2 Type II: Independent audit certification for system security, availability, and confidentiality (AICPA standard, United States).
- ISO 27001: International standard for information security management. Certified through external audit.
- DPA: Data Processing Agreement. Contract between you and a vendor that processes personal information on your behalf.