Law 25 (also known as Bill 25) is Quebec's privacy law that requires all organizations operating in Quebec to protect personal information. It applies to any business that collects, stores, or uses personal data from Quebec residents - regardless of company size. If you have customer emails, employee records, or client information, Law 25 applies to you.

Businesses that fail to comply with Law 25 can face administrative penalties of up to $10 million or 2% of worldwide turnover, whichever is greater. For serious offences, fines can reach $25 million or 4% of worldwide turnover. The Commission d'accès à l'information (CAI) enforces these penalties and investigates complaints about privacy violations.

 Law 25 protects any information that can identify an individual, including names, addresses, email addresses, phone numbers, financial data, health information, IP addresses, and even browsing history. If your business collects any of this data, you must have proper security measures in place. 

 Yes. Law 25 applies to all businesses operating in Quebec, regardless of size. Whether you're a solo entrepreneur or a 500-person company, if you handle personal information from Quebec residents, you must comply with Law 25's requirements. 

 Key requirements include: establishing a governance framework for data protection, conducting privacy impact assessments, implementing security measures like encryption and multi-factor authentication, having a breach notification process, obtaining proper consent for data collection, and appointing someone responsible for privacy protection. 

 Resitek helps Quebec businesses achieve Law 25 compliance through our managed IT services and cybersecurity solutions. We implement the required security measures (encryption, multi-factor authentication, monitoring), help you develop data protection policies, conduct security assessments, and provide ongoing monitoring to ensure your systems stay secure and compliant. Book a consultation to discuss your specific compliance needs.