The latest Law 25 changes are here, reshaping how Canadian companies handle personal information.
eZsign: Your Law 25 Compliance Partner
At eZsign, we take compliance and security seriously. We’re fully equipped to meet Law 25 requirements, ensuring businesses in Quebec and across Canada can:
The next wave of changes under Law 25 (Bill 64) take effect on September 22, 2023 and will have a big impact on how Canadian companies protect personal information.
Most Canadian businesses, associations, and organizations gather and store sensitive personal information as part of their operations, including names, telephone numbers, email addresses, social insurance numbers, credit card or bank account information, and more.
In recent years, multiple Canadian businesses have been involved in high-profile data breaches, including Bell Canada, Desjardins, and even Ontario’s provincial vaccine management system. And the amount of data being stolen is increasing: according to security firm Risk Based Security (RBS) and cited by Deloitte, the quantity of stolen records increased by 4,379% between 2015 and 2020.
In response, the National Assembly of Quebec adopted Law 25 (also known as Bill 64 and officially an act to modernize legislative provisions as regards the protection of personal information) on September 22, 2021, with different waves of changes entering into effect between September 22, 2021 and September 22, 2024. The latest (and most important) of the provisions are entering into effect on September 22, 2023. Are you ready?
Law 25 may be a provincial law, but it is the most sweeping and strict privacy legislation in Canada in decades. It applies to most organizations or companies that do any business involving the collection, use, or disclosure of personal information of Quebec residents and imposes a broad new “privacy by default” mandate.
This means that almost all Canadian businesses will be impacted by this law. And while implementation has been slow and steady, the biggest changes are taking place in just a couple of weeks.
As of September 22, 2023, organizations operating in Quebec will have to:
It is safe to say that if you’re a Canadian business or organization, Law 25 will affect you. So, how can you prepare?
First, don’t delay. The biggest changes go into effect in less than a month.
Next, make sure you have done the following:
Organizations that don’t comply with Law 25 face steep penalties. Penalties for natural persons range from $5,000 to $50,000 and between $15,000 and $25,000,000 or 4% of global revenue, whichever is greater, for companies.
At eZsign, we take security, regulatory compliance, and the law extremely seriously. You can read about all the measures we take every day to keep personal data safe in our Trust Centre.
eZsign the company and eZsign, our leading electronic signature solution, meet all of the requirements of Law 25, which means businesses across Quebec and across Canada can sign important documents electronically with confidence knowing personal data is being processed and stored correctly.
eZsign: the best e-signatures for Canada
This article in no way constitutes legal advice. Always consult with counsel for all your legal and contractual questions.