12.2. Every public body must ensure the security of the information resources and the information that it holds or uses under the obligations governing it, in keeping with the guidelines, strategies, policies, standards, directives, rules and application instructions made under this Act.
Where a public body becomes aware that an information resource or information under its responsibility is or has been the subject of a breach of confidentiality, availability or integrity, or that a risk of such a breach is apprehended, the body must take all measures to correct the impacts or reduce the risk of such a breach.
If such a public body becomes aware or apprehends that an information resource or information of another public body may experience such a breach, the public body may communicate to the other public body any information, including personal information, considered necessary for correcting the impacts or reducing the risk of such a breach.
2021, c. 222021, c. 22, s. 71.