Consolidated Statutes and Regulations
Consolidated Statutes
Consolidated Regulations
Annual Statutes and Regulations
Annual Statutes
Annual Regulations
Additional information
Québec Official Publisher
What’s new?
Information note
Policy of the Minister of Justice
Laws: Amendments
Laws: Provisions not in force
Laws: Provisions brought into force
Annual Statutes: PDF versions since 1996
Regulations: Amendments
Annual Regulations: PDF versions since 1996
Court Decisions
G-1.03, r. 1 - Regulation respecting the terms and conditions of application of sections 12.2 to 12.4 of the Act respecting the governance and management of the information resources of public bodies and government enterprises
Section 8
Disposition versions
8. The information that is the subject of the communications referred to in section 7 may include personal information.
Where personal information may be communicated in a form that does not allow the direct identification of the person concerned, it must be communicated in that form.
The second paragraph does not apply where there are grounds to believe that there is urgency to act in a matter of cybersecurity or that there is a risk that irreparable harm may be caused to an information resource or information under the responsibility of a public body. In that case, public bodies share the personal information concerned through their cybersecurity practitioners, by applying measures that ensure the confidentiality of such information.
There is urgency where the impact of a security event must be corrected or risks due in particular to the severity of the apprehended consequences must be reduced. A malicious software, phishing or an information leak may be a cause of the urgency.
In force: 2022-07-28
8. The information that is the subject of the communications referred to in section 7 may include personal information.
Where personal information may be communicated in a form that does not allow the direct identification of the person concerned, it must be communicated in that form.
The second paragraph does not apply where there are grounds to believe that there is urgency to act in a matter of cybersecurity or that there is a risk that irreparable harm may be caused to an information resource or information under the responsibility of a public body. In that case, public bodies share the personal information concerned through their cybersecurity practitioners, by applying measures that ensure the confidentiality of such information.
There is urgency where the impact of a security event must be corrected or risks due in particular to the severity of the apprehended consequences must be reduced. A malicious software, phishing or an information leak may be a cause of the urgency.
