27 Jan 2023
Law 25 Quebec: Changes that Could Affect your Ecommerce
Firstly, Law 25 defines personal information as: “personal information is any information that relates to a natural person and allows that person to be identified directly or indirectly.”
On the contrary, when we speak of so-called “anonymous” or “anonymized” intelligence, we mean that it “no longer makes it possible, in an irreversible manner, to identify that person directly or indirectly.”
Although eCommerce cybersecurity is one of the top trends in 2023, several technology giants have already begun their crusade against third-party data. Apple has already made it impossible to share personal information from advertising platforms on its Safari browser, while Google plans to end cookies on its Chrome browser by 2024.
How Quebec’s Law 25 Will Affect your Ecommerce
In addition to fulfilling all obligations that were previously in place when storing data from Quebec’s consumers, you must, among other things:
1. Appoint a Privacy Officer and provide their contact information on your website.
2. Have established policies on the security of the personal information you hold and publish these policies on your website by September 2023.
3. Collect only the information necessary to fulfill the purpose, and clearly communicate the purpose at the time of collection. Without the consent of the individual, the purpose can only be changed once the personal information has been collected.
4. If a breach of personal information or confidentiality occurs, take the necessary steps to ensure that similar incidents do not occur. You must also keep a record of such incidents and, if they are of a significant nature, inform the person concerned as well as the Commission d’accès à l’information du Québec.
Novatize’s Advice On the Security of Personal Information
Novatize is committed to the firm’s values, and among these is transparency. It is with this in mind that we make these suggestions regarding the protection of personal data.
A privacy incident is any event that caused confidential information to be leaked to others who were not authorized to receive it.
For example, some ecommerce platforms have known vulnerabilities, and scripts can sometimes be injected to harvest sensitive information. Another possible example could be a malicious employee leaving your company with access to the customer database and sharing sensitive information with others.
Our advice: as soon as you know (or think) that an incident has occurred, communicate with the people responsible for IT security to make sure that it won’t happen again. Immediately think of corrective measures to put in place.
Also, inform your clientele and community about the incident once the situation is under control. While the subject is sensitive, hiding or not being honest is even more so. Minimize the reputational impact of an incident by communicating in a transparent and professional manner:
- The cause of the incident
- Corrective measures that have been put in place following the incident
- The contact information needed in case of questions
Do you want to implement the best ecommerce practices and ensure compliance with your actions? Contact an expert at Novatize.
📞 +1 844 932 6682
📍 330-330 rue Saint-Vallier Est, G1K 9C5, Québec, QC, Canada
Inspired by what you’ve read?
Our team of experts can help you take your eCommerce to the next level!