Local laws : Bill 64 and the protection of personal infomation or data
...
What is the impact on security and infrastructure matter ?
Each element below is visualized according the milestones described in the PAGE Introduction.
Milestone 1 (scanning in a local, physical location) : Company's compliance rules are relatively straightforward. Of course, under Quebec law, the necessary measures must be taken to protect personal information (PI). This means determining the level of physical security to be put in place. In doing so, we work with the Sécurité & Infra team.
Milestone 2 (document storage and archiving) : for the same reasons as above, this involves determining :
...
What is the impact on data ?
Each element below is visualized according the milestones described in the PAGE Introduction.
Milestone 1 (scanning in a local, physical location) : for the same reasons stated above, this requires determining :
...
the security level of digitized documents (What is encrypted? What is masked? How is data segmentation applied? etc.). This is done with the Security and Infra team.
Milestone 3 (non-manual, fast and accurate search management) - the security level of digitized documents.
...
What is the impact on governance ?
Each element below is visualized according the milestones described in the PAGE Introduction.
Milestone 1 (digitization in a local, physical ArcelorMittal location): for the same reasons as above, this requires determining :
the security level of paper documents (who can consult them? who can destroy them? etc.). This is done with the Security & Infra team.
the security level of digitized documents (Who can consult them? Who can use them? etc.). In conjunction with the Security & Infra team.
Milestone 2 (document storage and archiving) : for the same reasons as above, this requires determining :
the level of monitoring of the use of digitized and non-digitized documents. This is done in conjunction with the IT & Infra Security team.
Milestone 3 (non-manual, fast and accurate search management)
the level of monitoring of the use of digitized documents after search. In conjunction with the IT & Infra Security team.
What is the impact on implementation ?
Can the implementation be carried out in several phases, depending on the date constraint of Law 64 (September 2024)?
In view of the obligations, constraints and pressures exerted by Law 25 and 64, we need to determine whether the implementation is incremental or not, and establish the level of acceptability of the real risk of financial penalty in the event of non-compliance with the portability of personal information.