News & Statements

Quebec's new Law 25 on the protection of personal information will reach a new stage of implementation on September 22, 2023.

As a brief reminder, this law requires all organizations and businesses to take measures to protect the personal information of Quebecers, and to report any incidents of theft of personal information to the information access commission.

As customers, we'd like to suggest a few key questions to help you understand the potential work project to be implemented and the technological adjustments that may be required.

First of all, what is sensitive information?
Any personal information about an employee, customer, supplier or partner with whom you exchange information.

More specifically, personal information is any information that unambiguously identifies a specific individual.

If you store and manage this type of information on your internal or hosted servers, you need to ensure that this data is adequately protected against theft through cybersecurity intrusion or unauthorized dissemination.

What steps should I take if I want to structure my in-house intervention project?
Briefly, here are the steps to be covered by your project:

• Draw up an inventory of all the data stored by your company. It's important to understand which data is sensitive and which is less critical.
• Identify your company's points of vulnerability. Points of vulnerability include unsecured access points, open ports on firewalls, entry points for phishing attacks, etc.
• Establish clear and precise internal security policies. These policies should include guidelines on the use of strong passwords, restrictions on access to sensitive data, rules for the automatic deletion of old sensitive data, etc.
• Implement appropriate security measures. Security measures can include firewalls, intrusion detection systems, antivirus software, encryption systems and regular backup protocols, etc.
• Train your employees in good security practices. Employees need to understand the importance of data security and how to act in the event of a security incident.
• Put in place a security incident response plan to manage security situations, including malicious intrusions, data loss and security breaches.

Why is Progident a strategic partner for you?
As part of the CTRL Group, Progident benefits from all the advances and levers available to the CTRL family.

Firstly, on the software side, the Progident Dental Management Solution application platform already provides advanced functional and information security features, enabling you to control the access and sharing of all sensitive information.

This same platform also offers an audit trail that enables you to quickly identify the source (who, when, what) of any unauthorized information sharing, so you can assess the severity of the problem and take appropriate action against the information access commission. No competitor offers the same degree of information security.

Secondly, in terms of equipment, our TI Technologies division offers you all the technical services you need to fully support your efforts to overhaul and upgrade your TI infrastructure to meet the requirements of the Law 25. These services include, among others

• Identify and list your current access vulnerabilities.
• Present you with recommendations for technological adjustments and a game plan in the form of a clear and precise business proposal.
• Support and advise you in the development of your internal policies and best practices concerning the management of your sensitive data.
• Act as a trainer for your employee groups in the application of the policies and best practices you have established.
• Support and advise you in the development of your cybersecurity incident action plan.

Be ready for the second milestone of the Law 25. Please do not hesitate to contact us if you require any further information.