Bill 25: making the protection of personal information a priority

News

Being a landlord or property manager can pose unique challenges when it comes to protecting personal information.

Bill 25: making the protection of personal information a priority

Managing your real estate assets means more than just maintaining your units and monitoring your operations. You must also protect the personal information entrusted to you in the course of your management activities. Data security is becoming increasingly important for your customers, the tenants, and is now regulated by Bill 25.

 

What is personal information?

Information is considered personal when it concerns a physical person and enables that person to be identified, directly or indirectly. It is characterized as follows:

  • It must reveal something to someone;
  • It must relate to a physical person;
  • It must be likely to distinguish that person from another or recognize his or her nature.

Here are some examples of documents containing personal information:

  • Rental application
  • Pre-rental survey
  • Lease

 

Note: The above documents may concern an applicant, a tenant or a guarantor, and may be in paper or electronic form.

 

What does this mean for you?

As a property manager/landlord, you are in possession of a great deal of personal information about your tenants and prospective tenants. It is your responsibility to keep this information secure.

Everyone must comply with the new obligations set out in Bill 25. This checklist from the Commission de l'accès à l'information du Québec (CAI) will help guide you through the various phases of implementing Bill 25 and the related requirements.

Here are some of the things you need to do

  • Assign responsibility for protecting the personal information in your possession to someone in your organization (it could be you). You must also make this person's contact details available to anyone from whom you retain personal information.

  • Develop policies and practices governing the governance of personal information.

  • Take action as soon as information held by you is leaked, to minimize the impact on the individual(s) concerned. You must inform both CAI and any person affected by a data breach involving personal information. Moreover, a register of breaches must be kept.

Here are a few additional recommendations concerning the secure handling of confidential and personal information in your possession:

  • Keep your paper documents containing personal information in a safe or a lockable file with a key or padlock. Make sure only authorized people have access to them.

  • Store your digital documents securely with a strong password that protects the device and even the file on which they are stored.

  • Dispose of obsolete documents securely. In the case of digital documents, this involves overwriting the data. For paper documents, put them through a shredder before placing them in the recycling bin. It's also possible to anonymize data by redacting it to hide confidential information when it's no longer useful.

  • Make sure you have good access and security management in place when employees or third parties leave your organization.

 

What this means for CORPIQ

We make every effort to protect the personal data we collect in order to offer you the highest quality service while complying with current regulations.

  • A person responsible for personal information has been appointed to our team. This person will be responsible for the management and security of your personal information. If you have any questions, please contact us at renseignements@corpiq.com;

  • Our personal information privacy policies have been updated to reflect the latest developments and requirements of Bill 25;

  • Our terms of use have been updated to reflect the latest developments and requirements of Bill 25;

  • Consent is required when collecting personal information for the ProprioLocation rental application and lease, as well as for the ProprioEnquête pre-rental survey;

  • Our employees who handle your information, that of your applicants and that of your tenants, have received specific training on the protection of personal information;

  • CORPIQ has always taken great care to protect the personal data you entrust to us in each of our products. We have procedures for processing, de-identifying and destroying information that take into account the needs of owners and managers, in addition to complying with legal requirements;

  • All complaints related to the protection of personal information can be directed to the following e-mail address renseignements@corpiq.com.

Bill 25 comes with its own set of changes, requiring CORPIQ and your companies to adapt to comply. You will therefore need to adapt your processes to ensure that information obtained in the form of paper documents or electronic files is properly protected.

This law is not to be taken lightly: failure to comply with these rules could cost you dearly, both financially and criminally. Also note that phase 3 of the law will be completed in September 2024. Until then, we're counting on you to integrate good personal information management practices into your operations.

 

Note: this text is presented as a reminder of obligations and includes only certain elements to be verified. Be sure to check the sources below for more information.

 

Sources

Aide-mémoire from the Commission de l'accès à l'information du Québec (in French only)

About the destruction of personal information

To find out what's involved in overwriting data

Back to the news list