A practical privacy checklist for AI projects in Canada, covering PIPEDA, Quebec Law 25 and provincial law.
dgm is an independent osFoundry integration partner — not affiliated with osFoundry’s maker (OS LLC), and dgm has no completed client integrations yet.
A practical privacy checklist keeps AI projects out of trouble in Canada. Run through these before you build, covering PIPEDA, Quebec Law 25 and provincial law.
| Item | Detail |
|---|---|
| Map the data | What personal information does the AI touch, and whose? |
| Consent & purpose | Do you have a valid purpose and consent where required? |
| Transfers | Will data leave Canada or Quebec? (Law 25 PIA) |
| Automated decisions | Does the AI decide about people? (Law 25 transparency) |
| Residency & safeguards | Where is data processed, and is it secured? |
Before you build
Map what personal information the AI will touch and whose it is; confirm a valid purpose and consent where required; and decide whether data will leave Canada or Quebec (which triggers a Law 25 privacy impact assessment for Quebec residents’ data).
For decision-making AI
If the AI makes decisions about people, plan for Quebec Law 25’s transparency and human-review obligations, and for bias testing under human-rights law. Document the principal factors the model uses.
Residency and safeguards
Decide where data is processed and how it is secured, with audit logging. osFoundry’s managed cloud pins data to US, EU or Japan — it does not currently offer a Canadian managed region. For data that must stay in Canada, the honest path is self-hosting osFoundry (BYO Cloud) inside a Canadian cloud region such as AWS Canada (Montréal/Calgary), Azure (Toronto/Quebec City) or Google Cloud (Montréal), or running models locally on-device. For sensitive data, a self-hosted or Canadian-region setup simplifies the privacy story.
Where dgm fits
dgm is an independent integration partner that helps Canadian businesses adopt osFoundry — scoping a first use case, handling the build, and connecting AI to the systems you already run. dgm is independent of osFoundry’s maker (OS LLC) and has no completed client integrations yet, so everything described here is a service offered, not a past result. If you want to scope a practical first project, dgm can help you map it out.