Welcome To Our Awesome Magazine WordPress Theme

Are You Ready For Bill 64?

On September 22, 2022, the first set of amendments from Bill 64, specifically to Quebec’s Act respecting the protection of personal information in the private sector (Quebec Privacy Act) will come into force. Although most amendments will come into force in September 2023, we wanted to highlight some key new obligations for all enterprises who do business across Canada and use personal data in the process of doing business.

PRIVACY OFFICER DELEGATION
3.1. Any person carrying on an enterprise is responsible for protecting the personal information held by the person.

Within the enterprise, the person exercising the highest authority shall see to ensuring that this Act is implemented and complied with. That person shall exercise the function of person in charge of the protection of personal information; he may delegate all or part of that function in writing to a personnel member.

The title and contact information of the person in charge of the protection of personal information must be published on the enterprise’s website or, if the enterprise does not have a website, be made available by any other appropriate means.”

Now, by default, the person exercising the highest authority within the enterprise, for example the Chief Executive Officer, as the “person in charge of the protection of personal information.

The role and activities of the “person in charge of the protection of personal information” can be delegated to any person, in-house or an outside privacy professional. Be sure to put this in writing.

The title and contact information of the person in charge of the protection of personal information must also be published on the organization’s website or, if the organization does not have a website, by any other appropriate means.

 

MANDATORY REPORTING OF “CONFIDENTIALITY INCIDENTS”
Sections 3.5 through 3.8 include a requirement to document a Confidentiality Incident Reporting Plan and train all employees in theses policies and procedures.

Similar to the obligation under many International privacy and data protection laws, organizations must notify the Commission d’acces a l’information du Quebec (CAI) and affected individuals of any “confidentiality incident” involving personal information that presents a risk of serious injury. Notifications must be made as soon as possible.

A “confidentiality incident” is defined to mean:

Read The Full Article at Newport Thomson

Post Tags
Share Post
Written by
No comments

Sorry, the comment form is closed at this time.