Law 25

What is Law 25 in Quebec?

Definition of Law 25

Law 25, formerly known as the Act to modernize legislative provisions as regards the protection of personal information, is a major reform of Quebec’s data privacy legislation. Adopted in September 2021, it notably amends the Act respecting the protection of personal information in the private sector and aims to strengthen transparency, accountability, and security for organizations handling personal data. This law applies to all Quebec businesses, including SMEs and companies in the construction sector, as soon as they collect, hold, or use personal information.

What are the objectives of Law 25?

Law 25 aims to:

  • Enhance the protection of citizens’ personal information;
  • Clarify the responsibilities of companies regarding data processing;
  • Align Quebec laws with international standards such as the European Union’s General Data Protection Regulation (GDPR).

Main obligations for businesses

Increased accountability

Companies must now appoint a person responsible for the protection of personal information, usually the head of the organization or an officially designated delegate.

Incident log management

Every company must keep a record of privacy incidents (e.g., data breaches) and notify the Commission d’accès à l’information (CAI) and affected individuals if there is a serious risk of harm.

Explicit consent

Consent to collect data must be clear, free, informed, and specific. It must be obtained for each distinct purpose.

Transparency

Companies must inform individuals about the purposes of data collection, the methods used, and their rights to access and correct their information and to withdraw consent.

Data portability

Individuals will soon have the right to request their personal data in a structured, commonly used technological format.

FAQ about Law 25

Who does Law 25 apply to?

It applies to all private companies operating in Quebec that collect, hold, or use personal information, regardless of their size or industry.

When did the various obligations come into effect?

The obligations came into effect progressively:

  • 2022: designation of the responsible person and incident management.
  • 2023: obligations on transparency, data minimization, and internal policies.
  • 2024: right to data portability.

What are the consequences of non-compliance?

Penalties can reach $25 million or 4% of global revenue in the most serious cases. The law also provides for administrative and criminal sanctions.

How to comply with Law 25?

To comply with Law 25, a company must appoint a person responsible for personal data protection, obtain informed consent, ensure data security, document incidents, and publish a transparent privacy policy.
