• There are no suggestions because the search field is empty.
00 - Hero Blog
00 - Single Post

Quebec Law Bill 25: Does this concern me? 3 questions to ponder.

February 7, 2023 by NOVIPRO

A law that modernizes legislations respecting the protection of personal information

Clearly, yes; every individual working for an employer is and will be held responsible for his or her personal information as well as that of others. A simple and very common example of a confidentiality incident under the law is the intentional or accidental inclusion of personal information in Outlook and Google contact profiles. “Personal information” under the new law could be a mobile phone number, personal email and physical address, children's names, SIN, birthdays, etc. stored in most organizations’ databases.

Therefore, it’s critical to be involved now to avoid the risk of damaging legal ramifications.


Here are the three challenging questions to ponder:

1- As President or CEO, have you appointed a person responsible for managing Law Bill 25 matters incidents and the protection of personal information?

If not yet, please know:

  • You’re late. That requirement came into effect last September 22nd.
  • Also, until a person is appointed, the law states that, you as top leader, are delegated by default. Therefore, you will be held responsible for the consequences of any confidentiality incidents taking attention away from your core operations. So, now is the right moment time to step up and ahead of the legislation.

2- Did you know that all confidentiality incidents MUST be reported to the Commission d`Accès à l`Information (CAI)? Also, if said confidentiality incidents involve staff members, their actions should also be reported to the CAI.
You’re required to maintain a documented record of incidents made available to the CAI upon request.

3- What and where are the personal information confidentiality breaches within your organization?
It's imperative to update your organisation’s governance and compliance processes with respect to the law. This is a daunting challenge for any organisation these days and the complexity is tied to the number and type of blindspots your environment holds.

This latest chapter in the fast-paced and ever-changing practice of cybersecurity will surely become headline news in the months and years ahead.

As of September 22, 2023, failure to comply with these obligations could result in penal fines and penalties. Law 25 will finally take full effect on that same date in 2024.

Your NOVIPRO team can help your organization with the process, from start to finish.

You can also find a conference on Law Bill 25 that was given at our CyberEX event by clicking HERE.

Eric DistexheAuthor: Eric Distexhe, Sales Specialist - Network Solutions & Security - NOVIPRO


Get in touch with one of our experts
to find out how to cyber secure your business