It appears you are blocking scripts.

User's browsing experience may vary drastically without enabling Javascript!

Please enable javascript in your browsers settings to have a proper viewing experience!

Québec's Bill 64 Privacy Act and What It Means for Your Business Skip to main content


Subscribe to our blog to stay up-to-date.

Québec's Bill 64 Privacy Act and What It Means for Your Business

Tue Nov 23, 2021 | jean-francois roberge

Privacy is a major concern in the digital world, which is why Québec's Bill 64 (Personal Information Protection) was created. Many other government bodies around the world have already put laws in place to protect individual rights, including the European Union with the General Data Protection Regulation (GDPR) and California with the Consumer Privacy Act. This new bill will bring Québec up to the same standard. 

Bill 64 the Modern Privacy Regime 

As of September 21st 2021, the bill was passed to modernize Québec's legislative provisions to protect personal information online. The good news is that Québec is now in line with other international privacy developments. However, as a business owner with an online presence, you need to determine exactly what this means for you. The new bill affects public bodies and private businesses inside of Québec as well as any company that exists online within Québec. So if your company is concerned, it's time to start getting a plan in place.

How Will Bill 64 Affect Your Business?

It is essential to understand the bill and start working towards being fully compliant, so you are prepared for the deadline in 2023. Although this date seems far away, there are many steps you need to take to ensure your business is following all the regulations of bill 64 to avoid getting a hefty fine. One of the bill's goals is to encourage companies to adopt a Privacy by Design Approach for any services and processes they carry out online. So having the right plan in place is crucial to ensure that your company takes the appropriate steps from the start. It is also essential to have a system ready to comply with these requirements as you grow, and know how you will respond to any concerns as they arise.

With all of this in place, you will feel confident that you are following the new regulations. Furthermore, your customers will feel more comfortable going online knowing that their personal information is protected.

You also need to consider some key requirements when putting together your plan. This includes timely breach notification requirements, individual rights, outsourcing requirements, and privacy impact analysis. There are additional requirements within Bill 64, but this is a great place to start. The Office of the Privacy Commissioner of Canada has a FAQ page with more information to help businesses put these plans in place. 


How To Prepare Your Business  

Along with getting acquainted with Bill 64 yourself, it will also be necessary to inform your employees on the best practices for personal data protection. You could further appoint a person to manage the processes like developing a personal data protection policy and responding to requests looking for their personal data. This way, you will have one point of contact to manage all the processes and inquiries in a timely manner. 


You may also want to start by conducting a Privacy Impact Assessment to see how you are currently processing sensitive information. You want to make sure consent is obtained when managing personal information. This must be free, informed, and transparent. It is also vital that you only collect data for the purpose and objective of the services' processes. Companies need to be clear about why they are collecting personal information and how they are processing it. Failure to do so could cost you not only a large fine but also your organization's reputation.   


Protecting customers personal information for Bill 64 Québec. 

How You Can Avoid Fines

Organizations who do not properly meet the regulations of Bill 64 could get fines up to $25 million or 4% of their total revenue from the previous year. The severity of the regulations are real and need to be taken seriously.


What to get started with to avoid fines (but not limited to the full list of regulations):

  • Know exactly where, what and how your organization is storing data and be able to give that information to customers upon request.  
  • Look for redundancies and unnecessary data collection and eliminate those to reduce your risk.   
  • Determine what third parties have access to your personal data.
  • Implement measures to protect the personal information of your customers, employees, and partners.
  • Have a plan in place to let your customers know about confidentiality incidents (hacking) in a timely manner.

    Protecting personal information is essential for your customers' privacy and your employees. Furthermore, the significant fines you could face if you do not comply with Bill 64 are reason enough to make sure you are prepared to meet all the requirements before the deadline in 2023. This is why it is crucial to start putting your plan in place as soon as possible. 

    Cyber security and making sure your company is protected against attacks has become especially important in 2021. We are here to help. Contact us to learn more about all our IT services. 


    Contact Us Now