Bill 25, prepare your compliance.

The 10 most frequently asked questions about Bill 25

Bill 25, also known as “An Act to modernize legislative provisions relating to the protection of personal information”, came into force on September 22, 2022. This law aims to strengthen the protection of the personal information of Quebec citizens and give them more control over the use of their data.

Do you have questions about Bill 25? This blog article answers the 10 most frequently asked questions about this important law.

In this article you will learn:

  • What is Bill 25?

  • What are the main changes brought by Bill 25?

  • Who is responsible for implementing Bill 25?

  • What are the sanctions for non-compliance with Bill 25?

  • Where can I find more information about Bill 25?

  • What types of personal information are covered by Bill 25?

  • How can I obtain consent from an individual for the collection, use or disclosure of their personal information?

  • What steps should I take to protect the personal information I collect?

  • What should I do in the event of a privacy incident?

  • What are the solutions to comply with Bill 25?

Whether you are an entrepreneur, an employee or simply a citizen of Quebec, it is important to understand your rights and obligations under Bill 25. This blog article will help you find your way.

Keep reading to discover the answers to the 10 most frequently asked questions about Bill 25!

What is Bill 25?

Bill 25, also known as the “Act modernizing legislative provisions relating to the protection of personal information”, aims to strengthen the protection of the personal information of Quebec citizens. It applies to any organization that collects, uses or discloses personal information, including businesses, government agencies and not-for-profit organizations.

What are the main changes brought by Bill 25?

Bill 25 introduces several important changes, including::

  • Mandatory consent: Organizations must obtain the free and informed consent of an individual before collecting, using or disclosing their personal information.
  • The right of access and rectification: Individuals have the right to access their personal information and to rectify it if it is inaccurate or incomplete.
    The right to erasure: Individuals have the right to request erasure of their personal information in certain circumstances.
  • The duty to notify confidentiality incidents: Organizations must notify the Commission d’access à l’information du Québec (CAI) in the event of a confidentiality incident likely to cause serious harm to a person.

Who is responsible for implementing Bill 25?

Each organization is responsible for implementing Bill 25 within its activities. This means that each organization must adopt policies and procedures to ensure that it meets the requirements of the Act.

What are the sanctions for non-compliance with Bill 25?

Organizations that fail to comply with Bill 25 face penalties of up to $20 million or 2% of their annual revenue, whichever is greater.

Where can I find more information about Bill 25?

You can find more information about Bill 25 on the Commission d’access à l’information du Québec (CAI) website.

What types of personal information are covered by Bill 25?

Bill 25 covers all information that allows a person to be identified, including their name, address, telephone number, email address, social insurance number, credit card number, etc. It also targets sensitive information, such as health information, political opinions and religious beliefs.

How can I obtain consent from an individual for the collection, use or disclosure of their personal information?

Consent must be free and informed. This means that the person must be informed of the nature of the personal information you collect, how you will use it and to whom you will communicate it. You must also obtain the individual’s consent before using their personal information for purposes other than those for which it was collected.

What steps should I take to protect the personal information I collect?

You must implement technical and organizational security measures to protect the personal information you collect. These measures may include:

  • Data encryption
  • Controlling access to data
  • Training employees on the protection of personal information

What should I do in the event of a privacy incident?

In the event of a privacy incident, you must first assess the severity of the incident and the risk of harm to those affected. If the risk of harm is serious, you must notify the CAI within 72 hours. You should also take steps to limit the damage caused by the incident.

Are there solutions to comply with Bill 25?

To meet the requirements of Bill 25, MS Solutions has developed, in partnership with the Delegatus law collective, a complete solution supporting both the cybersecurity and legal aspects of compliance. This collaboration has given rise to a robust offering that effectively supports companies in their regulatory compliance process.

.At the heart of our proposition, we offer a toolbox integrated into SharePoint. This turnkey solution contains all the regulatory elements necessary for the first two phases of implementation of Bill 25. Our goal is to simplify the compliance process and provide our clients with a user-friendly and practical tool.

We are particularly proud to share that our solution was distinguished for its excellence and innovative nature. In fact, we were selected as finalists in the Technological Innovation category at the prestigious Mercuriades 2024 in Quebec. This recognition highlights the effectiveness and relevance of our approach to meeting the compliance needs of businesses in a constantly evolving context.

To find out more, visit our dedicated page.

In short,

Bill 25 is an important law that aims to protect your personal information. It is important to understand your rights and obligations under this law in order to protect yourself and the personal information of others.

This blog article addressed the 10 most frequently asked questions about Bill 25. For more information, do not hesitate to contact our team of experts, we will be happy to advise you on compliance.

Here are some tips to help you comply with Bill 25:

  • Obtain consent from individuals before collecting, using or disclosing their personal information.
  • Protect the personal information you collect by implementing technical and organizational security measures.
  • Be transparent about how you use personal information.
  • Inform affected individuals in the event of a privacy incident.

By following these tips, you can help protect your personal information and that of others.

Remember: the protection of personal information is a fundamental right. Bill 25 is an important tool to help you protect this right.

Share article:

This might interest you...

Subscribe to our newsletter

Soyez informé des prochains webinaires, des nouveaux services et des contenus d’intérêt.

Follow us