January 24, 2023

 

Introduction

Certain amendments to Québec’s Act respecting the protection of personal information in the private sector (the “Québec Act”) and the Act to establish a legal framework for information technology (the “Québec IT Act”) introduced by The Privacy Legislation Modernization Act (“Law 25”), took effect on September 22, 2022.

The purpose of this Advisory is to provide an overview of the requirements under the Québec Act and the Québec IT Act that came into effect on September 22, 2022.

The Advisory also refers to the requirements of the Regulation respecting confidentiality incidents (the “Regulation”). The Regulation came into force on December 29, 2022, and sets out additional notification and record-keeping requirements with respect to confidentiality incidents.

The Québec Act, the Québec IT Act, and the Regulation will apply to any private sector organization that: (i) is established in Québec; or (ii) if established outside of Québec, operates in Québec.

This Advisory also compares the provisions under the Regulation and the provisions in Law 25 that came into effect on September 22, 2022, with the analogous provisions under the federal private sector privacy legislation, the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and the Breach of Security Safeguards Regulations (“PIPEDA Regulation”).

At the end of this Advisory, checklists have been provided to assist organizations with their compliance with the new requirements under the Québec Act, the Québec IT Act, and the Regulation.

Click below to review the full Advisory: