As soon as your company or organization, handles personal information of Quebec citizens, Law 25 applies to you.
The government specifically gives you the following responsibilities:
- In case of loss, theft, or any other data incident, you must report it to CAI, the Commission d’accès à l’information du Québec.
- You must maintain an internal log of all computer incidents involving data of Quebec citizens.
- You must include in your Privacy Policy a “personal information protection officer,” who by default is “the person exercising the highest authority” and can be delegated.
The word “data” used above represents confidential personal information of Quebec citizens that “allows the identification of a natural person, directly or indirectly.” [CAI]
The full official text of the law can be found at this address:
Here are the resources provided by various professional orders in Quebec:
- Checklist Law 25 pour law offices – Barreau du Québec
- Checklist Law 25 for dental clinics – Ordre des Dentistes du Québec
For organizations and ministries:
For those interested, the spirit of the law can be captured in this text by Daniel Therrien, Privacy Commissioner of Canada:
The Law 25 translates into recurring annual work to be done for each client to be and stay compliant with the law, and prevent fines in case an offence is committed.
Systems MW has already assessed the work to be done for you and will make a recommendation at your next yearly service renewal tailored to your needs so that your company be compliant with the Law 25.
If you have any questions, feel free to contact Systems MW.