Quebec Privacy Law: Is Your Organization Ready for New Rules in Force this September?

  • September 21, 2022
  • Ronak Shah, Wendy Mee, Ellie Marshall

On September 22, 2022, the first set of amendments from Bill 64, An Act to modernize legislative provisions as regards the protection of personal informationto Quebec’s Act respecting the protection of personal information in the private sector (Quebec Privacy Act) and the Act to establish a legal framework for information technology (Quebec IT Act) will come into force.

In previous bulletins, we discussed how Bill 64 will change Quebec’s privacy laws. Although most amendments will come into force in September 2023, below we highlight significant changes in force this September. 

PRIVACY OFFICER DELEGATION

The Quebec Privacy Act creates obligations for any person carrying on an enterprise to protect personal information and will now automatically designate the person exercising the highest authority within the enterprise (e.g., the Chief Executive Officer) as the “person in charge of the protection of personal information.” The role of the “person in charge of the protection of personal information” can be delegated to any person, such as a privacy officer, or even a third party. However, this delegation must be made in writing.

The title and contact information of the person in charge of the protection of personal information must also be published on the organization’s website or, if the organization does not have a website, by any other appropriate means.