News

Bill 25 — Modernizing the Protection of Personal Information

2 min read
Modernisation de la protection des renseignements personnels

Heads-up: Bill 25 comes into force in September 2022. Make sure to update the privacy policy on your website with the name of the person responsible for the protection of personal information. If you don’t have a privacy policy on your site, we can help you create one. ACT TO MODERNIZE LEGISLATIVE PROVISIONS AS REGARDS THE PROTECTION OF PERSONAL INFORMATION

Why?

  1. Strengthen the protection of personal information held by businesses
  2. Increase citizens’ trust in businesses
  3. Support innovation while taking new technologies into account

Support and gradual entry into force

  • The Commission d’accès à l’information will publish guidelines to help businesses understand their new obligations
  • Most provisions will apply starting in September 2023. The Act will come into force gradually until September 2024

Timeline of the main milestones

 

September 2022

  • Designate a person responsible for the protection of personal information
  • Notify the individuals concerned in the event of a confidentiality incident that could cause them serious harm

September 2023

  • Establish a governance framework for the protection of personal information
  • Enhance the information provided to citizens when their personal information is collected
  • Destroy or anonymize personal information in certain circumstances
  • Assess privacy risks when personal information is used and disclosed in certain situations
  • Obtain the individual’s prior consent to use their personal information for commercial prospecting purposes

September 2024

  • Disclose, at the request of the individual concerned, the personal information they have provided to a business

In the event of non-compliance with the Act, the Commission d’accès à l’information may impose significant penalties, which could reach up to $25M or 4% of worldwide turnover. This penalty will be proportional, in particular, to the seriousness of the breach and to the business’s ability to pay. Source: https://www.quebec.ca/gouvernement/ministeres-et-organismes/institutions-democratique-acces-information-laicite/acces-documents-protection-renseignements-personnels/pl64-modernisation-de-la-protection-des-renseignements-personnels https://www.quebec.ca/gouvernement/ministeres-et-organismes/institutions-democratique-acces-information-laicite/acces-documents-protection-renseignements-personnels/pl64-modernisation-de-la-protection-des-renseignements-personnels See also this document https://cdn-contenu.quebec.ca/cdn-contenu/adm/min/conseil-executif/publications-adm/acces-information/protection_des_renseignements_personnels/LigneTemps_PL64.pdf This text, written by two lawyers, clearly explains how the law applies in the context of a client relationship https://www.quebechabitation.ca/lois-et-reglements/loi-25-consentement-et-exceptions/

Share

Search

Have questions?

Write to us for a free meeting to assess your needs: support@zaa.cc or contact us.

Latest news