Consolidated Statutes and Regulations
Consolidated Statutes
Consolidated Regulations
Annual Statutes and Regulations
Annual Statutes
Annual Regulations
Additional information
Québec Official Publisher
What’s new?
Information note
Policy of the Minister of Justice
Laws: Amendments
Laws: Provisions not in force
Laws: Provisions brought into force
Annual Statutes: PDF versions since 1996
Regulations: Amendments
Annual Regulations: PDF versions since 1996
Court Decisions
P-39.1 - Act respecting the protection of personal information in the private sector
Section 3.3
Disposition versions
3.3. Any person carrying on an enterprise must conduct a privacy impact assessment for any project to acquire, develop or overhaul an information system or electronic service delivery system involving the collection, use, communication, keeping or destruction of personal information.
For the purposes of such an assessment, the person must consult the person in charge of the protection of personal information within the enterprise from the outset of the project.
The person must also ensure that the project allows computerized personal information collected from the person concerned to be communicated to him in a structured, commonly used technological format.
The conduct of a privacy impact assessment under this Act must be proportionate to the sensitivity of the information concerned, the purposes for which it is to be used, the quantity and distribution of the information and the medium on which it is stored.
In force: 2023-09-22
3.3. Any person carrying on an enterprise must conduct a privacy impact assessment for any project to acquire, develop or overhaul an information system or electronic service delivery system involving the collection, use, communication, keeping or destruction of personal information.
For the purposes of such an assessment, the person must consult the person in charge of the protection of personal information within the enterprise from the outset of the project.
The person must also ensure that the project allows computerized personal information collected from the person concerned to be communicated to him in a structured, commonly used technological format.
The conduct of a privacy impact assessment under this Act must be proportionate to the sensitivity of the information concerned, the purposes for which it is to be used, the quantity and distribution of the information and the medium on which it is stored.
