Canada Aiming at Improving Cybersecurity of Federally Regulated Industries Through Bill C-26

Canada recently started looking at a new piece of legislation that seeks to strengthen the cybersecurity of businesses and organizations whose activities fall within the ambit of what the Federal government can directly regulate.

Interestingly, contrary to most Canadian legislation so far that touches upon cybersecurity, the focus this time is not on whether an organization collects, uses or discloses personal information. Rather, the bill at issue would seek to cover whole swaths of certain industries, whether or not the organizations operating therein deal with personal information. This is a new approach in Canada which may signify that the government is finally realizing we collectively need to take cybersecurity more seriously, and that it is more than an issue of personal information.

Bill C-26 proposes to impose on telecommunication providers a new regime that would force them to adopt better cybersecurity practices, with a view to better protecting Canadians who rely on their services for things like cell phone and Internet services.

More generally, the bill would also empower the Canadian government to force federally regulated businesses to clean up their act (so to speak), cybersecurity-wise, especially when it may jeopardize national security or public safety. As you may know, in Canada, federally regulated businesses include, for example, those that deal with:

  • radio, television and telecommunications, such as Internet providers;
  • air transportation, including airlines, airports, ports, shipping, boats, as well as railways and road transportation services that cross borders;
  • banks;
  • certain energies and their transport, like pipelines, etc.

Bill C-26 would allow the Federal government to require organizations operating in those areas to take cybersecurity more seriously, in particular when public safety may be involved. For example, this may allow the government to dictate that operators of pipelines better protect and monitor their computer systems, with a view to avoiding major catastrophes that may eventually result from cyber-attacks.

In addition to eventually requiring organizations in those industries to adopt and apply cybersecurity programs and to better protect their systems, C-26 would also require the organizations at issue to report cybersecurity breaches, something they currently are not generally required to do.

Bill C-26 is currently at the First Reading stage.

Québec Adopts its Charter of the French Language v. 3.0

The province of Québec recently sought to modernize its Charter of the French Language (the “Charter”), a piece of legislation many Quebecers still call “Bill 101” to this day. After partially amending this statute in 2019, the Québec government overhauled it earlier this month, by adopting Bill 96. Through this bill, Québec is expanding the obligations imposed on organizations and businesses to use French whenever (and however) interacting with residents of the province.

Though I don’t want to get into all the details this morning, it seems worthwhile to provide you with an overview of the kinds of changes this new version of the Charter brings us, so as to give you an idea of what we’re now facing:

  • A general obligation that all organizations serve their clients in French, by providing them with any and all documents and documentation in French, as the case may be;
  • A major change of the rule as to the display of non-French trademarks, by doing away with the exception relating to the common law trademarks. From now on, only common law trademarks composed solely of French words will be tolerated under the Charter, while the rest of trademarks used in Québec will have to be actually registered to pass muster;
  • Reinforcement of the provisions relating to public display of trademarks (e.g. signage) by now requiring that the overall appearance provide substantially more space to French, as compared to other languages such as English (i.e. store fronts should show about twice as much content in French as in other languages, not taking into account the trademark);
  • Introduction of a new rule stating that adhesion contracts must now be available in French as a condition of validity for the contracts that are actually entered into by Quebecers, including but not limited to those for consumers;
  • Lowering the threshold above which organizations must adopt and apply a francization program, from 50 employees to 25;
  • Adoption of stricter rules as to job postings in French and when an organization may require that job applicants have language skills unrelated to French;
  • Addition of a new rule that all written documents and documentation provided by employers to their employees systematically be in French.

It seems worthwhile to mention that Bill 96 also adds a very American twist to the Charter, by introducing a private right of action. Once in force, this will allow individuals to sue businesses that violate the Charter, so as to obtain either injunctions or (and yes, this is what’s going to have business owners pay attention) damages and punitive damages. As is often the case whenever such rights are introduced in a piece of legislation, class actions will be the first type of proceedings we can expect them to be used for.

I should mention, finally, that most changes outlined above will not come into effect for 3 years, so as to provide businesses with a transition period during which they can bring their organizations in line with the new rules. So, June 1st, 2025 is the deadline you should remember, to update all your practices and your way of doing things in Québec. Mark your calendars!

So, is your organization in line with all this? Probably not. If it is not, then you now have less than 3 years to do your homework!

Québec Adopts New Personal Information Protection Statute

Last week, Québec formally adopted an overhaul of its statute meant to regulate the handling of personal information by businesses in the province. Bill 64 was an attempt to bring the Québec Loi sur la protection des renseignements personnels dans le secteur privé in line with more modern pieces of legislation used abroad, including the famed GDPR, in Europe.

The revised statute now includes more strenuous obligations for organizations handling such data, and includes potentially huge fines (we’re talking millions) for businesses which may be caught violating the law. Yes, I think we can safely say that the province of Québec now has a real piece of legislation to govern how organizations are supposed to protect personal information when collecting, using or communicating it.

Though the statute was formally adopted, one should note that most provisions included in Bill 64 will come into force only in September 2023, thus giving businesses about 2 years to shape up. During that time, the Québec watchdog (the “CAI”) will also seek to provide guidance by coming up with rules and protocols that it expects businesses to apply and abide by.

A limited number of provisions will come into force in September 2022, including those related to the obligation for businesses to disclose security incidents that may have exposed personal information to loss or theft, including for example as a result of hacking incidents. The Québec media reports that the government intends to curb a culture of negligence when it comes to adequately handling and protecting personal information. After almost 30 years of being governed by an obsolete statute as to personal data, Québec businesses certainly have work to do!