Photo: Jacques Boissinot, The Canadian Press
The Minister of Justice, Sonia LeBel, introduced bill c-64 before the National Assembly on Friday, a year after the leak of personal data of millions of Desjardins members.
The Minister of Justice, Sonia LeBel, wants to force companies to appoint a person “responsible for the protection of personal information” within their team.
This employee will be responsible for developing and publishing guidance applicable to the retention and destruction “of personal information”, as well as a “complaints handling process”. The employee must also provide individuals who request it with the personal information gathered about them, “in the form of a written and intelligible transcript”, according to Bill 64.
Ms. LeBel tabled the bill before the National Assembly on Friday, a year after the leak of personal data of millions of Desjardins members.
Bill 64 directs businesses to “destroy” or at least “de-identify” personal information “when the purposes for which [it] was collected or used have been fulfilled”, unless it is subject to a retention period required by law.
The 60-page document clarifies the right of an individual to demand, on the Web in particular, an end to the “dissemination” of personal information concerning them, “or to have de-indexed any hyperlink attached to his name that provides access to this information by a technological means, when the dissemination of that information violates the law or a court order”.
In addition, Bill 64 regulates the “collection” and the “use” of personal information obtained through “a technology with functions of identification, tracing or profiling of the person concerned”. Minister LeBel is concerned about “decision[s] based solely on automated processing” of such information.
In the event of an incident
Minister LeBel's bill introduces rules on how public and private organizations handle “incidents” affecting the privacy of personal information, that is to say “access”, “use” or “disclosure” of personal information not authorized by law, or the “loss” of or “any other infringement of the protection” of personal information. “If the incident presents a risk of serious harm, [the organization] shall, with due diligence, notify the Commission d'accès à l'information, [as well as] any person whose personal information is affected by the incident.” That said, “a person whose personal information is involved in the incident does not need to be informed as long as this would be likely to hinder an investigation”, the bill states.
Every business will need to record each privacy incident in a register accessible to the Commission d'accès à l'information.
Finally, Ms. LeBel also intends, through her Bill 64, to increase the administrative monetary penalties on any person who “collects, discloses, uses or destroys personal information” or “does not report to the Commission or to the persons concerned, if required, a privacy incident”.