Law 25, Data, And You. Compilance Is Easy. Failure, Expensive.

Law 25, Data, And You. Compilance Is Easy. Failure, Expensive.

Law 25, Data, And You. Compilance Is Easy. Failure, Expensive.

Here’s what you need to know. Now. 

Law 25, Québec’s data privacy and protection legislation, affects you directly. Data virtualization via Cofomo and its partners make compliance fast and easy. 

The alternative. Hefty fines. 

How hefty? Fines for private companies range from C$15,000 to C$25,000,000 or a sum corresponding to 4% of the organization’s global turnover for the preceding fiscal year. There’s never a good time for a fine. 

 

So, What’s The Problem? 

Data. There’s an almost infinite amount of it out there, and it’s stored in nearly as many different formats, many outdated, some of that data is secure, the rest, less so. Exacerbating the issue is that the data is stored on site, in the cloud, and on mobile devices. 

Every instance it is accessed, transferred, shared, or viewed constitutes a security risk. Who can see it, when they can see it, and how the data is protected from unauthorized use is what’s at stake. Reducing the contact points for any database reduces the risks that it will be improperly used. 

Simply put, too many doors and not enough locks. Fixing that can be a gargantuan task for an organization. 

The solution? Creating one single access point for viewing data – regardless of its format, currency, or location. 

 

Data Virtualization: 
Law 25 Compliance Made Easier 

Data virtualization allows for granular control over personal data across all storage formats and systems, current or legacy, regardless of if it's stored on-site, remotely, or in the cloud – and presents it in a single unified view. 

Cofomo’s implementation of Denodo’s data virtualization platform significantly simplifies Law 25 compliance. 

Access to data can be tracked and users identified – making possible faster responses to consumer requests for data deletion, tracing, or reporting. 

Data virtualization has numerous benefits: 

  • Real-time access to up-to-date data 

  • Fewer circulating copies of personal data 

  • Data on-site or off shown in a one unified view 

  • Full auditing and monitoring of access 

  • Complete data traceability and history 

  • Real-time enterprise-wide data masking 

  • Consistent security control management 

Each of them works to facilitate Law 25 compliance, in fact data traceability is among its many specific requirements. 

The ability of different platforms to standardize access to all data sources through virtualization allows for the implementation of security controls across enterprise data assets, simplifying protection. And suddenly Law 25 compliance is made much easier. The alternative: a substantial fine. 

We believe it’s a foregone conclusion. 

 

More about Quebec’s Law 25 

Data privacy and protection legislation is being enacted around the world. How the private sector collects, uses, and shares personal information is falling under increasing scrutiny. 

Quebec’s Law 25 ups the ante with new, more rigorous standards (see below), ones that are being studied and adopted outside of the province and Canada. 

Achieving compliance with Law 25 isn’t a project. It’s an obligation. Cofomo makes it easier than you imagine. 

The Canadian Federal Government enacted the Personal Information Protection Act (PIPEDA) in 2000, partially in response to concerns from the EU which passed a comprehensive General Data Protection Regulation act (GDPR), stipulating the compliance standards for how business handles and secures personal data. 

Quebec’s Law 25, enacted in September 2021, continues down this path and is part of an expanding, and increasingly strict approach to data privacy. More is sure to come. 

Law 25 accords specific rights to consumers which organizations must fulfill. Not doing so might incur hefty fines. 

 

Consumers now benefit from higher standards of data privacy thanks to Law 25: 

 

Enhanced Consent And Transparency 

Use of personal information requires valid consent, relegating implied consent to specific restricted circumstances. 

 

Privacy Impact Assessments (PIA) 

PIAs are mandatory for all systems or services related to personal information, including its transfer outside Quebec, or use in study, research, or statistics. 

 

De-Identified And Anonymized Information 

Anonymized and de-identified information falls under Law 25, preventing data from tracing a direct path back to its origins. 

 

Data Portability 

Organizations will have three years to install the means to perform secure data transfers and ensure portability in a structured, commonly used technological format. 

 

The “Right To Be Forgotten” 

Upon request, organizations must de-index links that connect individuals to data, or to cease sharing personal information altogether. 

 

Automated Decision-Making 

Automated management of personal information is regulated, affecting decisions over data made without human involvement. 

 

Our data virtualization experts will assess your needs and work in close collaboration with you to implement the ideal data management solution while providing in-depth consultation on how to properly adhere to the guidelines of Law 25. 


Read more about Cofomo’s data virtualization offer and its many advantages here

 

----------------

Information for this article was compiled from several sources: 

Government of Québec - Guide Résumé des nouvelles obligations entreprises  

Government of Québec - Loi 25 - Nouvelles dispositions protégeant la vie privée des Québécois - Certaines dispositions entrent en vigueur aujourd'hui: Gouvernement du Québec (quebec.ca) 

Government of Québec - Modernisation de la protection des renseignements personnels | Gouvernement du Québec (quebec.ca)