News & Statements

How do you approach the Law 25 with TI Technologies?
Quebec's new Law 25 on the protection of personal information will enter a new phase of implementation on September 22, 2023.

As a brief reminder, this law requires all organizations and businesses to take measures to protect the personal information of Quebecers and to report any incidents of theft of personal information to the Commission d'Accès à l'Information.

As a customer, we'd like to suggest a few key questions to help you understand the potential work project to be implemented and the technological adjustments that may be required.

First of all, what is sensitive information?
Any personal information of an employee, customer, supplier or partner with whom you exchange information.

More specifically, personal information is any information that unambiguously identifies a specific individual.

If you store and manage this type of information on your internal or hosted servers, you need to ensure that this data is adequately protected against theft via a cybersecurity intrusion.

What steps should I take if I want to structure my in-house intervention project?
Briefly, here are the steps to be covered by your project:

1. Draw up an inventory of all the data stored by your company. It's important to understand which data is sensitive and which is less critical.
2. Identify your company's points of vulnerability. Points of vulnerability include unsecured access points, open ports on firewalls, entry points for phishing attacks, etc.
3. Establish clear and precise internal security policies. These policies should include guidelines on the use of strong passwords, restrictions on access to sensitive data, rules for automatic deletion of old sensitive data, etc.
4. Implement appropriate security measures. Security measures can include firewalls, intrusion detection systems, antivirus software, encryption systems and regular backup protocols, etc.
5. Train your employees in good security practices. Employees need to understand the importance of data security and how to act in the event of a security incident.
6. Put in place a security incident response plan to manage security situations, including malicious intrusions, data loss and security breaches.

How can TI Technologies support me in my process?
As a customer, you already know that TI Technologies can maintain and manage your technological infrastructure to optimize your protection against unwanted intrusions.

With this in mind, and with reference to the previous steps suggested, TI Technologies is able to intervene in a support process taking the form of one or all of the following services:

• Identify and list your current access vulnerabilities.
• Present you with recommendations for technological adjustments and a game plan in the form of a clear, precise business proposal.
• Support and advise you in the development of your internal policies and best practices concerning the management of your sensitive data.
• Act as a trainer for your employee groups in the application of the policies and best practices you have established.
• Support and advise you in the development of your cybersecurity incident action plan.

So get ready for this second milestone with the Law 25, and don't hesitate to send a request for information so that an advisor can contact you.

The infrastructure team