C-1.1 - Act to establish a legal framework for information technology

Full text
52. The policy statement of a certification or directory service provider must specify, at least,
(1)  what information may be entered in a certificate or a directory and what information is confirmed as accurate by a certificate, as well as the guarantees of accuracy offered by the service provider ;
(2)  the information review intervals and the updating procedure ;
(3)  who may be issued a certificate and who may cause information to be entered in a certificate or a directory ;
(4)  any restrictions on the use of certificates and directory entries, including a limit on the value of the transactions for which they may be used ;
(5)  how it can be determined, upon making a communication, whether a certificate or information entered in a certificate or in a directory is valid, suspended, cancelled or stored ;
(6)  how additional available information not yet entered in the certificate or the directory, especially as regards updated use restrictions applicable to certificates, may be obtained ;
(7)  the confidentiality policy applicable to information received or communicated by the service provider ;
(8)  the complaints procedure ; and
(9)  how certificates will be disposed of by the service provider upon ceasing to operate or becoming bankrupt.
The policy statement of a certification or directory service provider must be accessible to the public.
2001, c. 32, s. 52.