M-17.1.1 - Act respecting the Ministère de la Cybersécurité et du Numérique

Occurrences0
Full text
Updated to 1 April 2024
This document has official status.
chapter M-17.1.1
Act respecting the Ministère de la Cybersécurité et du Numérique
AN ACT RESPECTING THE MINISTÈRE DE LA CYBERSÉCURITÉ ET DU NUMÉRIQUE
CHAPTER I
MINISTER OF CYBERSECURITY AND DIGITAL TECHNOLOGY
2021, c. 33, s. 1.
1. The mission of the Minister of Cybersecurity and Digital Technology is to instigate and coordinate state action in the areas of cybersecurity and digital technology.
The Minister proposes general policy directions in those areas to the Government, determines the sectors of activities in which the Minister intends to act as a matter of priority and advises the Government and public bodies. The Minister also proposes to the Government measures to increase the effectiveness of the fight against cyber attacks and cyber threats in Québec.
For the purposes of this Act, the bodies referred to in section 2 of the Act respecting the governance and management of the information resources of public bodies and government enterprises (chapter G-1.03) are public bodies.
2021, c. 33, s. 1.
2. The Minister must set objectives and develop policies, strategies and programs to ensure the carrying out of the Minister’s mission. The Minister directs, coordinates and oversees the application of the objectives, policies, strategies and programs.
The Minister must, in the areas of cybersecurity and digital technology, ensure that government actions are cohesive and concordant and must, to that end, take part in the development of measures and in ministerial decisions in those areas, and give an opinion whenever the Minister deems it appropriate.
The Minister is responsible for the administration of the Acts assigned to the Minister and performs any other function assigned by the Government.
2021, c. 33, s. 1; 2023, c. 28, s. 12.
3. The responsibilities of the Minister with regard to public bodies, which form the public administration for the purposes of this section, are the following:
(1)  developing a set of means to offer individuals and enterprises quality digital services, ensuring as much as possible not to cause a digital divide;
(2)  seeing to the optimal use of digital technologies in the delivery of public services;
(3)  ensuring the development, implementation and deployment of the digital public administration initiative and the promotion and implementation of any measure furthering the adaptation of public services to digital public administration;
(4)  ensuring the implementation of a strategy for the public administration’s digital transformation, including, as applicable, the implementation of any related plan, and assisting public bodies in implementing the strategy;
(5)  coordinating the efforts of public bodies and supporting them in adopting optimal management practices with respect to information resources;
(6)  ensuring that public bodies adopt the best cybersecurity practices;
(7)  ensuring government coordination in matters of information security and establishing targets applicable to all public bodies to measure their performance in strategic, tactical and operational terms, as well as government efficiency in addressing threats, vulnerabilities and incidents involving information security;
(8)  establishing information security requirements applicable to public bodies and ordering them, when required, to implement those requirements to ensure the protection of their information assets and the information such assets hold; and
(9)  establishing the governance framework for information resource projects of government-wide interest and ensuring the development of related technological solutions.
2021, c. 33, s. 1.
4. The Minister provides public bodies with common technology infrastructure services and support system services capable of, among other things, supporting such bodies in the exercise of their functions and in their delivery of services so as to promote their digital transformation.
The Minister pools and develops in-house expertise on common technology infrastructures. The Minister contributes to enhancing digital information security within public bodies and the availability of services to individuals and enterprises through the increased use of secure, high-performance shared technology infrastructures within such bodies.
The Minister determines, in writing, the offer of common technology infrastructure services and support system services provided by the Minister. The Minister describes the services and determines their nature and extent, the conditions for their use, including the responsibilities of the Minister and of users as well as any other conditions. The Minister publishes the list of services provided on the website of their department as well as any amendment to the list, within a reasonable time.
The Minister may provide any other information resource service to a public body to meet a specific need of such a body, where the latter so requests.
2021, c. 33, s. 1; 2023, c. 28, s. 13.
5. For the purposes of section 4, the Minister must, more specifically,
(1)  ensure that the common technology infrastructure services and support system services under the Minister’s responsibility are accessible;
(2)  ensure that the Minister’s services meet public bodies’ needs, taking into account government priorities and the portfolio of priority projects, and ensure the development of those services;
(3)  seek to optimize the design, execution, maintenance, operation and development costs of the Minister’s services so as to improve their efficiency and effectiveness with respect to performance objectives and contribute to government-wide savings;
(4)  establish customer relationship management processes to support public bodies using the Minister’s services and measure their level of satisfaction with respect to the services provided;
(5)  see to it that the standards conducive to ensuring the confidentiality, integrity and availability of the public body information the Minister keeps are complied with and maintained, in particular by putting security measures in place; and
(6)  contribute to the emergence of exemplary and innovative technology management practices in collaboration with the various stakeholders in the information technology community.
2021, c. 33, s. 1.
5.1. The Minister provides public bodies with certification services, including the related directory services, and the electronic signature services that the Government determines.
An order made under the first paragraph determines the services covered, the terms and conditions under which they are to be provided, and the cases in which and conditions on which a public body is required to call on those services to meet its needs. The order may authorize the Minister to delegate certain functions relating to such services to a public body. To enable its implementation, the order may also provide for the transfer to the Minister of a public body’s information assets as well as of the resulting obligations.
Where an order made under the first paragraph concerns certification and directory services, it must contain the policy statement provided for in section 52 of the Act to establish a legal framework for information technology (chapter C-1.1).
2023, c. 28, s. 14.
6. The Minister acts as cloud broker for public bodies by making cloud offerings available by type of good or service.
For that purpose, the Minister must prepare a catalogue of cloud offerings designed to meet the bodies’ needs and assist them in such matters.
2021, c. 33, s. 1.
7. The Minister may provide the services referred to in sections 4 and 5.1 as well as make available the offerings referred to in section 6 to any other person or entity designated by the Government.
2021, c. 33, s. 1; 2023, c. 28, s. 15.
8. In exercising his or her functions, the Minister may, in particular,
(1)  enter into agreements with any person, association, partnership or body;
(2)  enter into agreements, in accordance with the applicable legislative provisions, with a government other than that of Québec or a department or body of such a government, or with an international organization or a body of such an organization;
(3)  conduct or commission consultations, research, studies and analyses; and
(4)  grant, on the conditions the Minister determines, financial or technical assistance.
2021, c. 33, s. 1.
9. If the Minister considers it expedient, the Minister may establish a committee of experts to advise the Minister in the areas of cybersecurity or digital technology.
The committee is made up of persons appointed by the Minister who have expertise, experience and a marked interest in the area concerned.
The members of such a committee are not remunerated, except in the cases, on the conditions and to the extent that may be determined by the Government. They are, however, entitled to the reimbursement of expenses incurred in the exercise of their functions, on the conditions and to the extent determined by the Government.
2021, c. 33, s. 1.
10. The Minister determines the tariff of fees as well as the other forms of remuneration payable for the services he or she provides, including those for the acquisition of goods necessary for the provision of the services. The tariff and other forms of remuneration may vary according to the service provided or the clientele served.
The above forms of remuneration require the approval of the Conseil du trésor.
The Minister publishes on the Minister’s department’s website, within a reasonable time, the rate schedule and any amendment to it.
2021, c. 33, s. 1.
10.1. The Government may authorize the Minister to implement a pilot project aimed at studying, testing or innovating in the areas of cybersecurity or of digital technology, or at defining standards applicable in those areas. Such a project may involve public bodies or government enterprises within the meaning of the Act respecting the governance and management of the information resources of public bodies and government enterprises (chapter G-1.03), any other enterprise, or individuals.
In compliance with the applicable legislative provisions, in particular regarding the protection of personal information and of privacy, the Government determines the standards and obligations applicable within the scope of a pilot project. It also determines the monitoring and reporting mechanisms applicable within the scope of a pilot project.
A pilot project is established for a period of up to three years which the Government may extend by up to one year. The Government may modify or terminate a pilot project at any time.
The results of a pilot project are to be published on the website of the Ministère de la Cybersécurité et du Numérique not later than one year after the end of the pilot project.
2023, c. 28, s. 16.
CHAPTER II
MINISTÈRE DE LA CYBERSÉCURITÉ ET DU NUMÉRIQUE
2021, c. 33, s. 1.
11. The Ministère de la Cybersécurité et du Numérique is under the direction of the Minister of Cybersecurity and Digital Technology.
2021, c. 33, s. 1.
12. The Government appoints a Deputy Minister of Cybersecurity and Digital Technology in accordance with the Public Service Act (chapter F-3.1.1).
2021, c. 33, s. 1.
13. Under the Minister’s direction, the Deputy Minister administers the department.
In addition, the Deputy Minister performs any other function assigned by the Government or the Minister.
2021, c. 33, s. 1.
14. The Deputy Minister has the Minister’s authority in the exercise of his or her functions.
2021, c. 33, s. 1.
15. The Deputy Minister may, in writing and to the extent the Deputy Minister specifies, delegate the exercise of the Deputy Minister’s functions to a public servant or to the holder of a position.
The Deputy Minister may, in the instrument of delegation, authorize the subdelegation of the functions the Deputy Minister specifies; in such a case, the Deputy Minister identifies the public servant or holder of a position to whom they may be subdelegated.
2021, c. 33, s. 1.
16. The personnel of the department consists of the public servants required for the exercise of the Minister’s functions; the public servants are appointed under the Public Service Act (chapter F-3.1.1).
The Minister determines those public servants’ duties if they are not determined by law or by the Government.
2021, c. 33, s. 1.
17. The Minister’s or Deputy Minister’s signature gives authority to any document emanating from the department.
No instrument, document or writing is binding on the Minister or may be attributed to the Minister unless it is signed by the Minister, the Deputy Minister, a member of the personnel of the department or a holder of a position but, in the latter two cases, only to the extent determined by regulation of the Minister.
2021, c. 33, s. 1.
18. The Minister may, by regulation and on the conditions the Minister determines, allow a signature to be affixed by means of an automatic device or by means of any other information technology-based process.
2021, c. 33, s. 1.
19. A document or copy of a document emanating from the department or forming part of its records, signed or certified true by a person referred to in the second paragraph of section 17, is authentic.
2021, c. 33, s. 1.
CHAPTER III
CYBERSECURITY AND DIGITAL TECHNOLOGY FUND
2021, c. 33, s. 1.
20. The Cybersecurity and Digital Technology Fund is established under the Minister’s responsibility.
2021, c. 33, s. 1.
21. The Fund is dedicated to
(1)  financing public bodies’ common technology infrastructures and support systems;
(2)  financing the services offered or provided by the Minister;
(3)  financing projects or activities in the area of cybersecurity or digital technology; and
(4)  paying any financial assistance granted under this Act.
The financing of a common technology infrastructure or support system may cover its design, execution, maintenance, development and operation.
2021, c. 33, s. 1.
22. The following are credited to the Fund:
(1)  the sums collected by the Minister for the services the Minister provides, including those for acquisition of the goods necessary for the provision of the services;
(2)  the sums transferred to it by the Minister of Finance under sections 53 and 54 of the Financial Administration Act (chapter A-6.001);
(3)  the sums transferred to it by a minister or by a budget-funded body listed in Schedule 1 to the Financial Administration Act out of the appropriations granted for that purpose by Parliament;
(4)  the gifts, legacies and other contributions paid into the Fund to further the achievement of its purposes; and
(5)  the interest earned on the sums credited to the Fund.
2021, c. 33, s. 1.
23. The sums required to pay any expense needed to finance or pay the elements specified in section 21, excluding the Minister’s administrative expenses, are debited from the Fund.
2021, c. 33, s. 1.
24. Any surpluses accumulated by the Fund are transferred to the general fund on the dates and to the extent determined by the Government.
2021, c. 33, s. 1.
25. The Auditor General audits the Fund’s books and accounts each year and whenever ordered by the Government.
2021, c. 33, s. 1.