The objectives of Bill 25, particularly for businesses, are to enhance the protection of personal information held by businesses, to increase public confidence in businesses and to support innovation by considering new technologies. The obligations of the Act will come into effect progressively until 2024 and in case of non-compliance with the Act, the Commission d’accès à l’information will be able to impose penalties that could amount to up to $25 million or 4% of the company’s worldwide turnover, in proportion to the seriousness of the breach and the company’s ability to pay.
The Quebec government wants to continue to find ways to improve the protection of Quebecers’ personal information and will continue to study the possibilities of adding measures to ensure this. Among these, it is possible that additional measures could be added to Bill 25 that would give more powers to the Ministry of Cyber Security and Digital (MCN). The MCN could potentially demand accountability from private and public organizations.
The first sitting of the 43rd Legislature in the National Assembly will be held on Tuesday, November 29, 2022. It may be possible to see in the first few weeks what the government will do to ensure better protection of Quebecers’ private data.