cover image: Québec Privacy Law Reform: - Compliance Guide for Organizations


Québec Privacy Law Reform: - Compliance Guide for Organizations

21 May 2024

repetitiveness, and duration of repetitiveness and duration the offence of the violation • The sensitivity of the personal • The sensitivity of the personal information involved information involved • Whether the offender acted • The number of individuals intentionally or with recklessness affected by the violation and or negligence the risk of harm to those • The foreseeability of the individuals. [...] The PIA must be “proportionate to the sensitivity of the information concerned, the purpose for which it is to be used, the quantity and distribution of the information and the medium on which it is stored” (s. [...] An organization must also inform, on request, the individual of: (i) the personal information collected from them, (ii) the categories of employees who have access to the information within the organization, (iii) the duration of the period of time the information will be kept; and (iv) the contact information of the Privacy Officer (s. [...] • An agreement is reached with the other party, stipulating that the latter undertakes: (i) to use the information only for the purpose of completing the commercial transaction; (ii) not to communicate the information without the individual’s consent; (iii) to take the necessary measures to ensure the protection of the confidentiality of the information; and (iv) to destroy the information if the. [...] The new section 21 states that the information may be communicated if a PIA concludes that: (i) the personal information is needed to achieve the objective; (ii) it is unreasonable to require the requesting person or body to obtain consent from the individual concerned; (iii) the objective of the research outweighs the impact on individual privacy in light of the public interest; (iv) the informat.
Published in