Compliance hub
The rules that shape the design.
A plain-English breakdown of the Canadian and Ontario rules that apply to commercial security systems — and how we work them into the design up front instead of fixing them on audit.
Federal (Canada)
PIPEDA — Personal Information Protection and Electronic Documents Act
PIPEDA governs how businesses collect, use, and disclose personal information. Video surveillance falls squarely inside its scope, which means every commercial camera deployment has a PIPEDA angle whether the installer addresses it or not.
Applies to: Private-sector organizations collecting personal information in the course of commercial activity.
Ontario
PHIPA — Personal Health Information Protection Act
PHIPA is Ontario's governing statute for personal health information. For security system design, it places heavy restrictions on where cameras can go, what they can capture, and how long any related information may be retained.
Applies to: Health information custodians — hospitals, clinics, labs, specialty practices, pharmacies, and their agents.
Ontario
Ontario Private Security & Investigative Services Act (PSISA)
PSISA (administered by the Ministry of the Solicitor General) licenses security businesses and individuals in Ontario. On the electrical and low-voltage side, the Electrical Safety Authority (ESA) licenses low-voltage contractors and mandates the safety standards that low-voltage installations must meet.
Applies to: Security integrators, guards, investigators, and agencies operating in Ontario.
Canada (national)
ULC-listed central station monitoring
ULC (Underwriters Laboratories of Canada) certifies central monitoring stations against standards including ORD-C1023 and CAN/ULC-S561. Many insurance policies, cannabis licences, and high-risk commercial deployments specifically require ULC-listed monitoring, not just any available provider.
Applies to: Alarm systems required to meet insurance, regulatory, or sector-specific monitoring standards.
A note on this hub
Plain-English, not legal advice.
We write these pages for the facilities lead, property manager, or clinic manager who has to actually decide what gets installed — not for a regulator. They summarize what the rules require and how we translate them into design.
None of this is legal advice. For anything binding, consult your privacy officer, legal counsel, or the regulator's own guidance.