Designate a person responsible for the protection of personal information and publish their title and contact details on the organization’s website or otherwise if they do not have one.
In the event of a confidentiality incident involving personal information:
Comply with the new framework applicable to the communication of personal information without the consent of the person concerned for the purposes of studies, research or the production of statistics and in the context of a commercial transaction.
Evaluate the factors relating to privacy before communicating personal information without the consent of the persons concerned for the purposes of study, research or the production of statistics.
Disclose in advance to the Commission d’accès à l’information du Québec the verification or confirmation of identity made by means of biometric characteristics or measurements.
The changes made by Act 25 will gradually come into force until 2024. Next step, September 2023.
Ce contenu est tiré de Aide-mémoire : résumé des nouvelles obligations des entreprises publié par la Commission d’accès à l’information du Québec.
Note: This summary does not take into account the specificities of each organization.