🇨🇦 What PIPEDA Compliance Requires (Simplified):
Limit access to personal data (PII)

Track who accessed what & when (audit logs)

Detect unauthorized access or oversharing of PII

Report data exposure or policy violations

What We’ll Simulate in Code:
We'll create a compliance check script that:

Flags access to PII by roles like interns or analysts

Logs when an employee accesses a PII dataset

Identifies if PII data is shared with external domains (e.g., fake logs)

In [20]:
#step 1 load employee access and tagged data
import pandas as pd
#Load files
employees = pd.read_csv('employees.csv')
tagged = pd.read_csv('tagged_catalog.csv')

#Define roles Not allowed to access PII
restricted_roles = ['intern','analyst']

#Get datasets that contain PII
pii_datasets=tagged[tagged['data_classification']=='PII']['dataset_name'].unique()

print("PII datasets:", pii_datasets)

#Step 2: Flag PIPEDA violations

#function to checkfor PII access by restricted roles
def check_pipeda_violation(row):
    if row['dataset_name'] in pii_datasets and row['role'].lower() in restricted_roles:
        return 'violation - Unauthorized PII Access'
    return 'Compliant'

# Apply to employees datasets
employees['pipeda_flag'] = employees.apply(check_pipeda_violation,axis =1)

#view violation
violations = employees[employees['pipeda_flag'] != 'Compliant']
violations

violations.to_csv('pipeda_violations.csv', index=False)
print("Violations report saved as pipeda_violations.csv")


PII datasets: ['customers' 'employees']
Violations report saved as pipeda_violations.csv
