MAJOR NEW CHANGES
Quebec’s Law 25 has arrived to revamp privacy laws in the province’s private and public sectors. Titled “An Act to Modernize Legislation Provisions Respecting the Protection of Personal Information,” this law brings stricter privacy requirements for businesses. It comes with substantial fines and increased powers for the “Commission d’acces à l’information” (CAI) and emphasizes transparency, consent, and enhanced safeguards.
Drawing inspiration from Europe’s General Data Protection Regulation (GDPR), Law 25 is a step in the right direction for Quebec. It aligns with GDPR’s objectives of safeguarding personal information and ensuring accountability. Quebec businesses must take note of the law’s key provisions:
- Prompt disclosure: Businesses engaging in biometric data processing must inform the Commission d’accès à l’information du Québec (CAI) at least 60 days before implementing the system.
- Privacy guardianship: Appointing a designated person responsible for protecting personal information becomes mandatory for businesses.
- Incident reporting: Businesses are obliged to report any breaches of confidentiality that compromise personal information.
It is expected to have a major impact on businesses in Quebec. The law introduces penalties with the potential to reach up to 4% of annual revenue, and administrative fines of up to CAD 10,000,000 or 2% of worldwide turnover from the previous year, as determined by the CAI.
With echoes of GDPR, Law 25 brings Quebec in line with global privacy standards. It enforces mandatory privacy assessments, ensuring adequate protection when sharing personal information outside the province. Additionally, businesses must secure separate and granular consent from individuals and uphold their new rights, such as data portability.
A NEW ERA FOR TRUST
While there is room for improvement, Law 25 is a step towards a more privacy-conscious society in Quebec. It follows the footsteps of GDPR, signaling Quebec’s commitment to protecting personal information. Compliance may pose challenges, but it presents an opportunity for businesses to foster trust, unlock the value of data, and promote innovation and economic growth.
In conclusion, Quebec’s Law 25, inspired by GDPR, presents a progressive stride in privacy protection. The law’s stringent requirements and potential fines compel businesses to prioritize the safeguarding of personal information. By embracing this privacy-focused approach, Quebec can pave the way for enhanced data governance and the establishment of a resilient and secure digital landscape.
Interested in learning more? Click here for an in-depth analysis Canadian Privacy Legislation.