63.3. A public body must publish on its website governance rules regarding personal information. Such rules must be approved by its committee on access to information and the protection of personal information.
The rules may be in the form of a policy, directive or guide and must, in particular, define the roles and responsibilities of the members of its personnel throughout the life cycle of such information and provide a process for dealing with complaints regarding the protection of the information. They must include a description of the training and awareness activities offered by the public body to its personnel regarding the protection of personal information.
The rules must also include the protective measures to be taken in respect of the personal information collected or used as part of a survey, including an assessment of(1) the necessity of conducting the survey; and
(2) the ethical aspect of the survey, taking into account, in particular, the sensitivity of the personal information collected and the purposes for which it is to be used.
A government regulation may determine the content and terms of those rules.
2021, c. 252021, c. 25, s. 151.