Consolidated Statutes and Regulations
Consolidated Statutes
Consolidated Regulations
Annual Statutes and Regulations
Annual Statutes
Annual Regulations
Additional information
Québec Official Publisher
What’s new?
Information note
Policy of the Minister of Justice
Laws: Amendments
Laws: Provisions not in force
Laws: Provisions brought into force
Annual Statutes: PDF versions since 1996
Regulations: Amendments
Annual Regulations: PDF versions since 1996
Court Decisions
A-2.1, r. 3.1 - Regulation respecting confidentiality incidents
Section 7
Disposition versions
7. The registers provided for in section 63.11 of the Act respecting Access to documents held by public bodies and the Protection of personal information (chapter A-2.1) and section 3.8 of the Act respecting the protection of personal information in the private sector (chapter P-39.1) must contain
(1) a description of the personal information covered by the incident or, if that information is not known, the reasons why it is impossible to provide such a description;
(2) a brief description of the circumstances of the incident;
(3) the date or time period when the incident occurred or, if that is not known, the approximate time period;
(4) the date or time period when the body became aware of the incident;
(5) the number of persons concerned by the incident or, if that is not known, the approximate number;
(6) a description of the elements that led the body to conclude whether or not there is a risk of serious injury to the persons concerned, such as the sensitivity of the personal information concerned, any possible ill-intentioned uses of such information, the anticipated consequences of its use and the likelihood that such information will be used for injurious purposes;
(7) if the incident presents a risk of serious injury, the transmission dates of the notices to the Commission d’accès à l’information and the persons concerned, pursuant to the second paragraph of section 63.8 of the Act respecting Access to documents held by public bodies and the Protection of personal information or the second paragraph of section 3.5 of the Act respecting the protection of personal information in the private sector, as well as an indication of whether the body issued public notices and, if applicable, its reasons for doing so; and
(8) a brief description of the measures the body has taken after the incident occurred in order to reduce the risks of injury.
In force: 2022-12-29
7. The registers provided for in section 63.11 of the Act respecting Access to documents held by public bodies and the Protection of personal information (chapter A-2.1) and section 3.8 of the Act respecting the protection of personal information in the private sector (chapter P-39.1) must contain
(1) a description of the personal information covered by the incident or, if that information is not known, the reasons why it is impossible to provide such a description;
(2) a brief description of the circumstances of the incident;
(3) the date or time period when the incident occurred or, if that is not known, the approximate time period;
(4) the date or time period when the body became aware of the incident;
(5) the number of persons concerned by the incident or, if that is not known, the approximate number;
(6) a description of the elements that led the body to conclude whether or not there is a risk of serious injury to the persons concerned, such as the sensitivity of the personal information concerned, any possible ill-intentioned uses of such information, the anticipated consequences of its use and the likelihood that such information will be used for injurious purposes;
(7) if the incident presents a risk of serious injury, the transmission dates of the notices to the Commission d’accès à l’information and the persons concerned, pursuant to the second paragraph of section 63.8 of the Act respecting Access to documents held by public bodies and the Protection of personal information or the second paragraph of section 3.5 of the Act respecting the protection of personal information in the private sector, as well as an indication of whether the body issued public notices and, if applicable, its reasons for doing so; and
(8) a brief description of the measures the body has taken after the incident occurred in order to reduce the risks of injury.
