Laws and impacts
- thierry sinassamy
Local laws : Bill 64 and the protection of personal infomation or data
The Bill 64 project (“BP64”), also known as Bill 25, on the protection of personal information has come into force on September 22, 2022.
What is the impact on security and infrastructure matter ?
Each element below is visualized according the milestones described in the PAGE Introduction.
Milestone 1 (scanning in a local, physical location) : Company's compliance rules are relatively straightforward. Of course, under Quebec law, the necessary measures must be taken to protect personal information (PI). This means determining the level of physical security to be put in place. In doing so, we work with the Sécurité & Infra team.
Milestone 2 (document storage and archiving) : for the same reasons as above, this involves determining :
the security level of both active and archived documents. This is done in collboration with the IT & Infra Security team;
the level of monitoring of the same documents. In collboration with the IT & Infra Security team.
the level of governance of document use, retrieval and modification. In collboration with the IT & Infra Security team.
Milestone 3 (non-manual, fast and accurate search management) : for the reasons stated above, this requires determining:
the security level of both active and archived documents. This is done in collboration with the IT & Infra Security team;
the level of governance of document use, retrieval and modification. In collboration with the IT & Infra Security team.
What is the impact on data ?
Each element below is visualized according the milestones described in the PAGE Introduction.
Milestone 1 (scanning in a local, physical location) : for the same reasons stated above, this requires determining :
the level of security of paper documents (for example, how are they destroyed? How are stored documents protected? etc.). This is done with the Security & Infra team.
the security level of digitized documents (What is encrypted? What is masked? etc.). In collaboration with the Security & Infra team.
Milestone 2 (document storage and archiving) : for the same reasons as above, this involves determining :
the security level of digitized documents (What is encrypted? What is masked? How is data segmentation applied? etc.). This is done with the Security and Infra team.
Milestone 3 (non-manual, fast and accurate search management) - the security level of digitized documents.
the security level of digitized documents (What is encrypted? What is masked? How is data segmentation applied? etc.). Doing so with the Security and Infra team.
What is the impact on governance ?
Each element below is visualized according the milestones described in the PAGE Introduction.
Milestone 1 (digitization in a local, physical ArcelorMittal location) : for the same reasons as above, this requires determining :
the security level of paper documents (who can consult them? who can destroy them? etc.). This is done with the Security & Infra team.
the security level of digitized documents (Who can consult them? Who can use them? etc.). In conjunction with the Security & Infra team.
Milestone 2 (document storage and archiving) : for the same reasons as above, this requires determining :
the level of monitoring of the use of digitized and non-digitized documents. This is done in conjunction with the IT & Infra Security team.
Milestone 3 (non-manual, fast and accurate search management)
the level of monitoring of the use of digitized documents after search. In conjunction with the IT & Infra Security team.
What is the impact on implementation ?
Can the implementation be carried out in several phases, depending on the date constraint of Law 64 (September 2024)?
In view of the obligations, constraints and pressures exerted by Law 25 and 64, we need to determine whether the implementation is incremental or not, and establish the level of acceptability of the real risk of financial penalty in the event of non-compliance with the portability of personal information.