Authors: Nicolas St-Sauveur, Catherine Hébert, Sarah Leclerc
Last September, the New Privacy Requirements Came Into Effect in the Province of Québec.
The Act respecting the Protection of Personal Information in the Private Sector (the “ARPPIPS”), which had been deemed obsolete for several years, was recently revamped and has now more teeth, especially due to the possible penalties for non-compliance. However, the ARPPIPS’s update is not over yet, as new requirements will come into effect on September 22, 2023, and September 22, 2024.
Much like the General Data Protection Regulation passed in Europe in 2016, the new ARPPIPS requires businesses to be more transparent about how they manage personal information in their possession. In addition to granting better rights to individuals, the ARPPIPS also introduces new tools and processes for businesses to put in place, which must be prepared to prove their compliance at all times to the Commission d’accès à l’information (the “CAI”), regardless of their size.
