In recent history, we have witnessed numerous privacy scandals that have caused significant headaches. In response to this, the government of Quebec has chosen to implement new measures to protect the privacy of Quebecers in the form of Law 25. These measures were adopted and gradually implemented since September 2022 and will come into full effect by September 2024. Here’s how nventive is preparing for this and how our experts are strengthening our existing cybersecurity measures.
Incidents such as the data breaches at Desjardins, Equifax, or Cambridge Analytica have generated a popular sense of lack of transparency in the handling of data collected online, due to deficiencies in corporate practices and sometimes deceptive business practices. It became essential to ensure a safer online experience for all users.
Europe initially paved the way in May 2018 with the General Data Protection Regulation (GDPR), and Quebec followed suit with Law 25, aimed at modernizing the Act Respecting the Protection Of Personal Information In the Private Sector dating back to 1994. These new obligations apply to all organizations handling personal data of their users. “They enhance the protection of personal information and hold companies accountable, giving every citizen greater control over the use of their personal data, under the threat of financial penalties,” says Christelle Lopez, Product Owner and member of the compliance committee at nventive.
What does this mean for a service-oriented company like nventive?
Our experts are actively working on a wide range of projects for many clients in North America. As a company that provides digital solution development services, the products that result from these projects are operated by our clients and their users. We ensure that the data from each project is securely stored with our clients, as they become the sole owners once the digital solution is launched.
We restrict access to project data (backlogs, business requirements, code, etc.) to individuals with authorized roles. If the data is stored in the cloud, as is often the case, we ensure that the data remains in geographic regions in compliance with current regulations. At all times, the client retains full control, and we take all necessary measures to revoke unnecessary access at the end of the project, ensuring full compliance.
We are required to be well-versed in the new rules of Law 25 to align our own internal practices, but our role with our clients is to guide them in adopting these new measures. We are not the executors of this new law. Instead, we refer them to the appropriate legal services so that each client can establish their own framework in response to these new obligations.
Updating Internal Practices
Key Takeaways
The first thing to do, no matter where you are in your efforts, is to ensure you obtain the best legal advice so that all measures are put in place and align with your use of personal data from your users. No company is identical, and the advice nventive received is unique to our business practices. Failing to comply or neglecting to do so can result in hefty fines.
By following good legal advice, make sure you understand the journey of your customers’ data once consent is obtained, review your cybersecurity measures, and keep them up to date. Protecting your users and ensuring their secure browsing is part of an ongoing process.
Choosing to work with nventive ensures that you are on the right side of the law. Our team understands the ins and outs, and in collaboration with your legal team, we make sure that your digital solution includes the essential features to ensure compliance.
The information displayed on the nventive website is general and provided for informational purposes only. Nothing contained therein is legal advice or counsel. You should consult with a lawyer before relying on any information provided by nventive.
Since February, nventive has been proud to welcome Vincent Godcharles as its new President. Today, we discuss with him about his vision of the company,…
