Bill 64 came into effect in Quebec in September 2021. While it shares similarities with Canada’s Personal Information Protection and Electronics Documents Act (PIPEDA), it does have some differences as well. Quebec’s bill looks to align itself closely with the GDPR, with some of the stipulations in this law including the following:
- Privacy impact assessments (PIAs)
- Data breach reporting
- Review privacy policies and notices
- Data mapping exercises (identifying the sensitivity of the information)
- Consent exemptions
- Data transfer assessments
- DSAR process
- Appointing a privacy officer
The penalties for non-compliance in Bill 64 are far higher than any of the previous Canadian privacy laws. The previous maximum penalty sat at $50,000, but under the new privacy legislation, penalties can go up to $25,000,000.
With new requirements regarding information collected through digital means, enhanced requirements around international data transfers, mandatory breach reporting requirements, and the introduction of privacy by design, Quebec’s latest data privacy law introduces many new measures to Canada’s privacy landscape.
Make sure you’re on top of compliance with Bill 64 with our checklist. Download it to learn more.