A-2.1, r. 2 - Regulation respecting the distribution of information and the protection of personal information

Full text
7. A public body must inform the committee referred to in section 2 of projects to acquire, develop or overhaul an information or electronic service system that collects, uses, keeps, releases or destroys personal information.
The committee is to suggest, from among those projects, those that must be monitored by special measures to protect personal information. The measures include
(1)  the appointment of a person in charge of the implementation of the measures to protect personal information, for each project;
(2)  the assessment, at the project’s preliminary study stage, of the risks of a breach in the protection of personal information;
(3)  measures to protect personal information for the time required to carry out the project and measures to preserve that protection during the use, maintenance, modification or evolution of the information or electronic service system;
(4)  a description of the requirements regarding the protection of personal information set out in the specifications or the contract pertaining to the project, unless the contract is performed by another public body;
(5)  a description of the responsibilities of the persons taking part in the project as regards the protection of personal information; and
(6)  the holding of training activities on the protection of personal information intended for those persons taking part in the project.
O.C. 408-2008, s. 7.