Consolidated Statutes and Regulations Consolidated Statutes Consolidated Regulations Annual Statutes and Regulations Annual Statutes Annual Regulations Additional information Québec Official Publisher What’s new? Information note Policy of the Minister of Justice Laws: Amendments Laws: Provisions not in force Laws: Provisions brought into force Annual Statutes: PDF versions since 1996 Regulations: Amendments Annual Regulations: PDF versions since 1996 Court Decisions

A-2.1, r. 4.1 - Regulation respecting the confidentiality policies of public bodies that collect personal information through technological means

Table of contents
Occurrences0
Full text
Updated to 1 January 2024
This document has official status.
chapter A-2.1, r. 4.1
Regulation respecting the confidentiality policies of public bodies that collect personal information through technological means
Act respecting Access to documents held by public bodies and the Protection of personal information
(chapter A-2.1, s. 63.4, 2nd par., and s. 155, 1st par., subpar. 6).
DIVISION I
SCOPE AND DEFINITION
O.C. 1544-2023, Div. I.
1. This Regulation applies to a public body referred to in section 3 of the Act respecting Access to documents held by public bodies and the Protection of personal information (chapter A-2.1).
It also applies to professional orders, to the extent provided for by the Professional Code (chapter C-26).
For the purposes of this Regulation, the expression public body includes a professional order.
O.C. 1544-2023, s. 1.
DIVISION II
CONFIDENTIALITY POLICY
O.C. 1544-2023, Div. II.
2. A confidentiality policy referred to in section 63.4 of the Act must contain at least
(1)  the name of the public body that collects the personal information and, where the information is collected by a third person on behalf of the public body, the name of that third person;
(2)  a description of the collected personal information;
(3)  the purposes for which the personal information is collected;
(4)  the categories of persons who, within the public body, have access to the personal information;
(5)  the means by which the personal information is collected;
(6)  if applicable, a description of the measures that may be taken to refuse the collection of personal information and the potential consequences of that refusal;
(7)  if applicable, a mention regarding the technological means available so that the person concerned by the personal information may consult or correct that information;
(8)  a mention regarding the rights of access and correction provided for by the Act, as well as the name of the person in charge of the protection of personal information at the public body and the contact information to communicate with that person;
(9)  if applicable, the name of the third persons or categories of third persons to whom it is necessary to release personal information for the purposes referred to in paragraph 3, and specifying that information or categories of information and those purposes;
(10)  if applicable, a mention as to the possibility that the personal information may be released outside Québec;
(11)  a brief description of the measures taken to ensure the confidentiality and security of personal information;
(12)  a mention of the right of the person concerned by the personal information to pursue the process for dealing with complaints regarding the protection of personal information provided for in the governance rules of the public body with respect to personal information, published under section 63.3 of the Act;
(13)  the contact information of the person, the concerned body or an administrative unit of that body to which questions regarding the confidentiality policy may be addressed;
(14)  the date of coming into force of the confidentiality policy and its most recent update, if applicable.
O.C. 1544-2023, s. 2.
3. Certain public bodies may have a common confidentiality policy insofar as they are jointly collecting personal information.
Certain public bodies may also have a common confidentiality policy insofar as a public body collects personal information on behalf of other public bodies.
O.C. 1544-2023, s. 3.
DIVISION III
NOTICE OF AMENDMENT
O.C. 1544-2023, Div. III.
4. A confidentiality policy may not be amended before the expiry of a period of 15 days from the date of publication of a notice of amendment of that policy or, if applicable, before the expiry of a shorter period mentioned in that notice of amendment. The notice must
(1)  indicate the date of its publication;
(2)  indicate the general purpose of the amendments made to the confidentiality policy, which must be specified in a section dedicated to the policy on the website of the public body;
(3)  indicate the date of coming into force of the amendments;
(4)  where the notice mentions a period shorter than the period of 15 days, indicate the reasons for which the policy must be amended in that shorter period.
O.C. 1544-2023, s. 4.
DIVISION IV
PROVISIONS COMMON TO A CONFIDENTIALITY POLICY AND A NOTICE OF AMENDMENT
O.C. 1544-2023, Div. IV.
5. Before being published, a confidentiality policy must be the subject of a consultation with the committee on access to information and the protection of personal information referred to in section 8.1 of the Act.
The same applies to any notice of amendment concerning a significant amendment to a policy.
O.C. 1544-2023, s. 5.
6. A confidentiality policy and a notice of amendment must be published in a section dedicated to the policy on the website of the public body.
The most recent former version of the policy and the corresponding notice of amendment, if applicable, must also be published in that section. The public body must ensure that the former version of the policy is not mistaken for the version that is in force.
O.C. 1544-2023, s. 6.
7. When personal information is collected by technological means, the confidentiality policy concerning that personal information and, if applicable, the notice of amendment of that policy must be brought to the attention of the person concerned by that information.
O.C. 1544-2023, s. 7.
DIVISION V
FINAL
O.C. 1544-2023, Div. V.
8. (Omitted).
O.C. 1544-2023, s. 8.
REFERENCES
O.C. 1544-2023, 2023 G.O. 2, 2737
© Gouvernement du Québec