1 / 15

Charles Morgan June 19, 2003

An Act respecting the protection of personal information in the private sector (Quebec): « Particularities of the Quebec privacy regime » and « Lessons learned ». Charles Morgan June 19, 2003. A. Particularities of the Quebec privacy regime. 1. Not stand alone:.

oriel
Download Presentation

Charles Morgan June 19, 2003

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. An Act respecting the protection of personal information in the private sector (Quebec):« Particularities of the Quebec privacy regime » and « Lessons learned » Charles Morgan June 19, 2003

  2. A. Particularities of the Quebec privacy regime

  3. 1. Not stand alone: • Statutory privacy regime buttressed by C.C.Q. and by Charter of the Human Rights and Freedoms

  4. 2. Not a code: • Principles are not neatly listed (e.g., 1-10); but principal fair information principles are in the law: a) identifying purposes b) limited collection c) limiting use, disclosure and retention d) accuracy e) safeguards f) access and rectification

  5. 3. Collection: • Is organized by « file »: each file has an object / purpose. • Informational obligation relates not just the « object of the file » , but also a description of the use which will be made of the information, the categories of persons who will have access to it within the enterprise, the place where the file will be kept and the rights of access and rectification.

  6. 4. Use: • The Quebec Privacy Act establishes special treatment for the use of « nominative lists » (i.e. lists of names, addresses or telephone numbers of natural persons: • may use nominative lists for purpose of commercial or philathopic prospection, without consent; • but, must provide « opt out » option.

  7. 5. Communication: • Every person carrying on an enterprise in Québec who communicates, outside Québec, information relating to persons residing in Québec must take « all reasonable steps » to ensure that the information will not be used for purposes not relevant to the object of the file or communicated to third persons without the consent of the person concerned.

  8. 6. Access and rectification: • The person holding a file that is the subject of a request for access by the person concerned must respond within 30 days. • C.C.Q.: notice of rectification must be given without delay to every person having received the information in the preceding six months.

  9. 7. Consent: • Must be « manifest, free and enlightened ». • No specific treatment of « sensitive » personal information.

  10. B. Lessons learned

  11. 1. Privacy is important • Employees and customers are critically important to all businesses... especially yours. • So is their privacy and the integrity of their personal information. • If a business fails to respect this bond of privacy respect/integrity, it’s image and integrity are imperilled. • For businesses that deal with consumers, any standard form approach which fails to respect this bond and privacy law obligations is a short road to terribly adverse publicity, potential class actions and punitive damages.

  12. 2. Identifying purposes • Don’t underestimate the time required to identify personal information held on file and the problems of dealing with existing personal information (e.g., no grandfathering). • Make sure you define the purpose for collecting/using/disclosing personal information with language which is relevant to the whole ongoing relationship with the concerned individual, i.e. pre-employment through termination and references, as an example. The same principle applies to drafting consent language.

  13. 3. Consent • Get the consent at the beginning of the relationship with the individual. • Make sure your consents allow you to disclose personal information in the context of commercial transactions, even due diligence. • Make sure consents are enforceable (e.g., online data collection).

  14. 4. Communication • Don’t forget that each company in a corporate group is a separate legal person... a third party for purpose transfer/disclosure/use of personal information. • Make sure to include appropriate contractual safeguards when communicating personal information to third parties. • Consider the effect of multiple (overlapping) jurisdictions whenever communicating personal information to third parties.

  15. Thank you

More Related