# PIPEDA Privacy Management Framework > Draft and validate the Privacy Management Framework documentation for compliance with Canada's PIPEDA and the ten CSA Model Code principles. Covers privacy governance, PIA, breach reporting, and cross-border transfer documentation. Tags: Canada, PIPEDA, Privacy, CSA Model Code ## Example Prompts - Draft our PIPEDA accountability and privacy officer designation - Document purposes and consent types for each processing activity - Prepare breach response and reporting procedures (real risk of significant harm) - Validate framework against all ten CSA principles URL: https://rakenne.app/skills/ca-pipeda-privacy-management-framework/index.md Try this skill: https://rakenne.app/a/?skill=ca-pipeda-privacy-management-framework ## Overview Draft and validate the Privacy Management Framework documentation for compliance with Canada's PIPEDA and the ten CSA Model Code principles. Covers privacy governance, PIA, breach reporting, and cross-border transfer documentation. ## Example Conversation > **You:** We need our PIPEDA Privacy Management Framework documented: accountability, the ten CSA principles, breach reporting (real risk of significant harm), and cross-border transfers. Can you draft and run the checker? > **Agent:** I'll draft the framework covering accountability (privacy officer), identifying purposes, consent, limiting collection/use/disclosure/retention, accuracy, safeguards, openness, individual access, and challenging compliance. I'll add breach reporting threshold and timeline, and cross-border transfer safeguards, then run `pipeda_principles_checker`. > **Agent:** Created `pipeda-framework.md`. Running `pipeda_principles_checker`... > **Agent:** Check **PASS** — the document addresses the CSA principles, breach reporting, privacy officer designation, and cross-border safeguards. Ready for OPC alignment review. ## What the Tools Validate **`pipeda_principles_checker`** checks the Privacy Management Framework for: - **Ten CSA principles** — Accountability, identifying purposes, consent, limiting collection, limiting use/disclosure/retention, accuracy, safeguards, openness, individual access, challenging compliance. - **Breach reporting** — Real risk of significant harm threshold and reporting timeline (PIPEDA/OPC). - **Privacy officer** — Designated and contactable (accountability). - **Cross-border transfer safeguards** — Documentation of safeguards for transfers outside Canada. **Output:** PASS if all are present; otherwise FAIL with a short line per missing element. Run on the draft before finalizing; fix gaps and re-run until the check passes. ## Output Excerpt Excerpt from a generated PIPEDA framework and sample checker report. **Framework (excerpt):** ```markdown ## Accountability Our organization designates a Privacy Officer responsible for PIPEDA compliance: [name], [contact]. Governance structure: [description]. ## CSA Model Code — Ten Principles 1. **Identifying purposes** — We collect personal information for [purposes]. 2. **Consent** — We obtain express/implied/opt-out consent as appropriate per activity. 3. **Limiting collection, use, disclosure, retention** — [Data inventory and lifecycle]. 4. **Accuracy, safeguards, openness, individual access, challenging compliance** — [Policies and procedures]. ## Breach Reporting Where there is a real risk of significant harm, we notify the OPC and affected individuals per PIPEDA requirements. Timeline: [X days]. Threshold and process: [description]. ## Cross-Border Transfers Transfers of personal information outside Canada are governed by [safeguards: contracts, adequacy, etc.]. We document transfer mechanisms and ensure equivalent protection where required. ``` **pipeda_principles_checker report (excerpt):** ``` === PIPEDA PRINCIPLES CHECK (CSA) === Result: PASS Document: pipeda-framework.md CSA principles addressed (8 principle-related references found). Breach reporting (real risk of significant harm, timeline) documented. Privacy officer designated and contactable. Cross-border transfer safeguards documented. PIPEDA Privacy Management Framework meets CSA expectations. ``` ## Getting Started Add your source materials to the project workspace (data inventory, consent matrix, breach procedure), then activate the *PIPEDA Privacy Management Framework* skill. The agent will guide you through drafting and validating with `pipeda_principles_checker`. --- Back to [Skill Library](https://rakenne.app/skills/index.md)