The creation of the Digital Circle
Founded in Montreal in 2022, the Digital Circle is a group of experts who help organizations comply with the new provisions of Bill 25. This law requires organizations to be more transparent and accountable when it comes to protecting personal information.
This new reference point in the digital environment also allows Quebec businesses to implement strategies adapted to their needs to minimize the risks inherent in the management of personal information under their responsibility.
Cybercrime is a growing phenomenon that spares no organization.
Every cyber attack has the potential to severely impact a company’s operations. With Bill 25, these risks will increase considerably since, in the event of non-compliance, a company will also be exposed to severe administrative and penal sanctions, significant reputational damage in addition to being open to damage claims.
In the event of a cyber attack, your organization could be exposed to highly-significant risk
Legal action
Customers, partners, shareholders or employees
Disruption of operations
Decreased production and undetermined delays
Compromise of sensitive data
Personal data, confidential data, trade secrets, intellectual property, etc.
Crisis unit
Specialized resources, emergency costs, computer network restoration, data recovery, etc.
Administrative or criminal fines for non-compliance
In case of non-compliance, Bill 25 imoposes severe fines
Damage to the organization's reputation
Loss of confidence from customers, shareholders and partners, public criticism
Cyber-security
In order to minimize these important risks, cyber-security has become an essential challenge for organizations, since it provides them with a set of means to ensure confidentiality, integrity and accessibility of the data they depend on.
Bill 25
Act 64 (An Act to modernize legislative provisions respecting the protection of personal information), adopted in September 2021 as Bill 25, requires Quebec public or private organizations to ensure the protection of the personal information they hold or face some of the most severe administrative and penal sanctions in Canada.
Your organization must comply with the provisions of Bill 25
The Digital Circle gives you access to the professional resources you need to comply with Bill 25, which requires all organizations in Quebec to protect personal information.
Timeline
SEPT 22, 2022
- Obligation to report incidents of confidentiality
- Incident response plan
- Designate your Privacy Officer
SEPT 22, 2023
- Adopt privacy governance rules
- Adopt process for handling user complaints/requests
- Publish its privacy policies and procedures on the company’s website;
- Privacy Impact Assessment (PIA) for certain personal information processing;
- Application of consent for collection of personal information
- Application of the new destruction and anonymization obligations
- Prior protection obligations regarding the sending of personal information outside Quebec
- Administrative and criminal penalties
SEPT 22, 2024
- Right to data portability