Why is no one talking about Quebec’s Bill 64?
Go Back

Why is no one talking about Quebec’s Bill 64?

In Quebec, new privacy legislation will be coming into effect gradually, starting September 2022. But no one is talking about it. Assurance IT developed a training to help businesses prepare for the upcoming changes.

Why the Privacy Landscape is Changing

“This new Quebec law is a great advancement in protecting personally identifiable information of the citizens of the province. It also allows Quebec to compete in international projects with countries who have strict data privacy regulations. Quebec was being eliminated from international projects because our privacy standards were not up-to-date.” said Luigi Tiano, co-founder of Assurance IT.

“On the flip-side, no one is talking about this new law that affects every single company doing business in Quebec. It has huge implications that can be hard for small businesses to comply with. Every time we mention Bill 64 to a partner or customer, they stare back at us with blank expressions. And we don’t understand why more people are not talking about it.” Tiano continued.

The Good News

Assurance IT, a Montreal-based cyber security firm specializing in data protection and privacy, is now offering training on Bill 64, Quebec’s new modernized privacy legislation. The training is provided both in English and in French.

As of September 2022, every company doing business in Quebec will have to 1) appoint a Data Protection Officer (DPO), 2) review its processes of confidentiality incidents and 3) start reporting incidents’ when required by law. By default, the role of DPO will be delegated to the person with the highest authority within the organization, usually the CEO. Alternatively, they can delegate the role to someone internally or externally. It will be required to publish the name and the business contact information of the chosen individual on the company’s website.

Bill 64 brings a complete reform of the pre-existent regime. It requires extensive research to learn about the law and the implications for an organization. Assurance IT’s eight-hour training has been put in place to offer companies the fastest route to get a better understanding of the new obligations.

The training includes, but is not limited to:
  1. The guiding principles for organizations regarding data privacy;
  2. The new rights granted to data subjects that the companies will have to respect;
  3. The appointment of the Data Protection Officer, their role and the responsibilities attached to the function;
  4. How to handle privacy incidents and when to report them;
  5. The need to understand the process of Privacy Impact Assessments (PIAs) and under what circumstances they will be required;
  6. The Important new powers of the Commission d'accès à l'information in relation to the enforcement of the law enforcement, as well as the sanctions and penalties.


Here is more information on Assurance IT’s training.

About Assurance IT: Assurance IT (www.assuranceit.ca) specializes in data protection and data privacy for the mid-market in Canada, since 2011. The Montreal-based company’s unique approach to helping customers become cyber resilient is called the PPR Methodology which stands for Prepare, Protect and Recover. Based on industry best practices, the PPR Methodology is an easier way to achieve cyber security and compliance objectives.

Featured Posts
Cyber Talk

Access monthly conversations with IT & Tech Leaders about the hottest cyber security topics in the industry.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.