Bill 64 provides a set of new binding obligations for businesses to ensure better control and better protection of personal information. Among these is the obligation to appoint a Personal Data Officer (PDO).
The PDO function is performed by default by the most senior manager in the organization (CEO); however, it can be delegated to another person (within or outside the organization).
Among the responsibilities incumbent on the PDO are, among other things, the development and application of governance rules and policies with regard to the protection, collection, processing, disclosure and destruction of personal information (i.e. the complete "life cycle" of personal information). The PDO also ensures the complaints process as well as the planning of contingency measures in the event of a confidentiality incident resulting in the compromise of personal information. Given the importance attached to the protection of personal information, the name of this person and contact information should be easily accessible to the public, in particular through the company's website. Under Bill 64, this function must be occupied and fulfilled within any organization that holds personal information by September 22, 2022 at the latest.
Given the responsibilities, skills and organizational changes that this new function implies, DUBÉ LATREILLE works with companies to facilitate this transition and support the Personal Data Officer in the execution of his/her mandate.