Québec's Act to Modernize Legislative Provisions respecting the Protection of Personal Information (Bill 64) received royal assent on 22 September 2021 ("Act"). The Act aims to modernize Quebec's private sector and public sector privacy laws, bringing it in line with the Personal Information Protection and Electronic Documents Act (PIPEDA) and the GDPR. The Act will enter into force in phases over a three year period from the date of assent.

The Act amends Québec's Act respecting the protection of personal information in the private sector by introducing additional obligations for private sector organizations, which include the following:

  • Ensure that the parameters of the technological products or services used to collect personal information, by default, provide the highest level of confidentiality;
  • Establish and implement governance policies and practices regarding personal information that ensure the protection of such information;
  • Designate a person to be in charge of the protection of personal information within the organization (i.e. privacy officer);
  • Conduct privacy impact assessments;
  • Conduct confidentiality incident reporting and maintain a confidentiality incident register; and
  • Before communicating personal information outside Québec conduct an assessment of privacy-related factors.