- PersonalInformation
- CloudData
- 4 mins
Information technology provides a significant competitive advantage for small/medium businesses (SMBs), both in terms of visibility and effective management of operations. The Web and social networks are an important showcase that allows SMBs to instantly reach a local, regional, or even international clientele.
This advantage is also accentuated by cloud computing technologies that are easy to access and require minimal investment for the organization. Point-of-sale solutions integrate catalog, inventory management, online and in-store transactions, and customer contact. Other applications facilitate accounting management, including payroll, or human resources management.
To learn more, read our guide:
While the web and cloud applications offer significant benefits to SMBs, they also contribute to the exponential proliferation of online data and, consequently, personally identifiable information.
To learn more, read our guide:
Online presence
The most common way for most SMBs to establish an online presence is to create a profile on one or more social networks (Facebook/Instagram, Twitter, LinkedIn, etc.). This approach is by far the easiest and fastest to make yourself known and build an audience.
This audience is made up of individuals or organizations who already have a profile on one or the other of these platforms, and who have therefore already consented to the sharing of their data according to the terms of use of the site.
The other most common method of creating an online presence is through a website. If you create a website for your business or organization, you will need to manage your own collection of information about your visitors, the use you make of this information, as well as the consent of visitors to this use.
Among other things, a website allows you to:
- Collect a visitor's email address, if they consent to it
- Create a client or member file, if the user consents to it
- Collect financial information about the visitor, if he makes a purchase on the site
- Compile usage statistics through the use of cookies or other analytical technologies
In some cases, creating a website does not require any programming or technical knowledge. Several providers offer the possibility to create a website through an intuitive and easy-to-use interface. You can also entrust the development of your website to a professional, or even, depending on your level of technical knowledge, build it yourself.
In the first two scenarios described above, you should now pay close attention to the features that are included with your new website. Website design platforms and developers may automatically include links to external tools or sites that facilitate marketing or analysis of site data and traffic. While these tools are one of the Internet's main strengths, they can often unknowingly retain or share the personal information your users have provided.
In such cases, client data is usually anonymized, but it may still contain specific information that identifies your customers. In addition, a large number of online services specialize in data aggregation, a process which analyzes and combines data from several sources, thus making it possible to reconstruct an individual profile and identify a physical person.
These practices are not prohibited or illegal, but recent amendments to Quebec’s privacy laws mean that you must now:
- Be aware of the data sharing mechanisms that may exist on your website;
- Inform visitors that their data is being collected;
- Explain to visitors each use that is made of the personal information you collect, and
- Obtain their distinct consent for each use you intend to make of their personal information.
Online data storage
Cloud-based platforms that facilitate collaboration and data sharing are particularly useful for storing documents and making them accessible from any location. But now you need to pay close attention to the data you store on these platforms.
If, for example, you deposit a file containing a list of your clients and their contact information, this file constitutes personal information, and its contents must be protected. The same rules apply to any file containing personal information, whether it is that of your clients, your members, or members of your staff.
Cloud applications and services
If you use integrated solutions (point-of-sale, sales and marketing, HR, payroll and benefits, or others), you will also need to pay close attention to new government requirements to protect this data.
There are, however, a multitude of other online tools that can be used. For example, a merchant can use an email management service to communicate a special offer to its customers. Some of these services are able to connect to your data to read it without transferring a copy, while others require uploading the list in order to build the mailing. Again, if you use such a service, you must inform your customers and obtain their explicit consent. But in addition to this consent, you also need to understand how the service handles the personal information used to deliver the message to your customers.
Ideally, if possible, you should destroy after use any customer list held by the mailing service provider. Alternatively, read the terms of service carefully to understand how the provider uses the personal information it holds.
In short
Bill 64 makes many changes to privacy regulations. These changes impose new responsibilities on all Quebec organizations and businesses regarding how they manage the personal information of their customers, members or employees.
Make sure you understand these obligations in order to comply with the law. Nexop offers a complete, simple and affordable compliance solution. For more information,
BOOK A FREE CONSULTATION WITH OUR EXPERTS
Nexop may from time to time provide information and resources to users, including, but not limited to, references to legal or legal resources. The provision of such information or references should in no way be construed as the provision of legal advice or guidance. Nexop encourages users to consult a lawyer for legal advice or guidance in connection with content offered by Nexop.
