{"id":2349,"date":"2025-12-17T00:15:02","date_gmt":"2025-12-17T05:15:02","guid":{"rendered":"https:\/\/carolinesimard.ca\/?page_id=2349"},"modified":"2025-12-17T01:03:23","modified_gmt":"2025-12-17T06:03:23","slug":"policies-and-practices-guiding-the-governance-of-personal-information","status":"publish","type":"page","link":"https:\/\/coulisses.carolinesimard.ca\/en\/policies-and-practices-guiding-the-governance-of-personal-information\/","title":{"rendered":"Policies and Practices Guiding the Governance of Personal Information"},"content":{"rendered":"\n<p><strong>Caroline Simard avocate inc.<\/strong> is committed to protecting the confidentiality and ensuring the security of Personal Information (hereinafter \"PI\") in accordance with Law 25 and the ethical rules of the profession.<\/p>\n\n\n\n<p>This Policy applies to all lawyers, notaries, paralegals, employees, and subcontractors of the firm, as well as to all PI managed by the firm, regardless of its form: paper, digital, or oral.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"roles\">1. Roles and Responsibilities<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">The Person Responsible for the Protection of Personal Information (PRPPI)<\/h3>\n\n\n\n<p>Caroline Simard, Lawyer, President and sole shareholder.<br><strong>Contact Information:<\/strong> <a href=\"mailto:avocate@carolinesimard.ca\">avocate@carolinesimard.ca<\/a><\/p>\n\n\n\n<p>The PRPPI oversees the application of all policies, manages access\/rectification requests, and acts as the point of contact with the Commission d\u2019acc\u00e8s \u00e0 l\u2019information (CAI).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Management Responsibilities<\/h3>\n\n\n\n<p>Ensure the necessary resources (training, technology) for the protection of PI.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Staff Responsibilities<\/h3>\n\n\n\n<p>Mandatory training, enhanced duty of confidentiality regarding the professional secrecy related to the legal profession, immediate reporting of any incidents, and maintenance of confidentiality by default (<a href=\"#confidentiality\">jump to the confidentiality section<\/a>).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"collection\">2. Collection and Use of Personal Information<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Minimization Principle (Law 25)<\/h3>\n\n\n\n<p>Collect only the PI strictly necessary for the execution of the mandate, for example: conflict of interest verification, legal representation, billing.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Consent<\/h3>\n\n\n\n<p>Documented procedure to obtain free and informed consent: \"File Opening Form and Professional Fee Agreement.\" Management of consent withdrawal: withdrawal of consent must be as simple as the manner in which it was given.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Use<\/h3>\n\n\n\n<p>Strict prohibition from using PI for secondary purposes, such as marketing and case studies, without explicit and separate consent, unless permitted by law.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"destruction\">3. Retention and Destruction of Personal Information<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Retention Policy<\/h3>\n\n\n\n<p>Respect the minimum retention period imposed by the rules of the Barreau du Qu\u00e9bec, which is 7 years after the end of the mandate.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Destruction Procedures<\/h3>\n\n\n\n<p><strong>Physical Destruction:<\/strong> Systematic use of a high-security shredder (cross-cut) for paper documents.<\/p>\n\n\n\n<p><strong>Digital Destruction:<\/strong> Use of secure deletion or degaussing methods for files and storage media ensuring impossibility of recovery.<\/p>\n\n\n\n<p><strong>Anonymization:<\/strong> Procedures to anonymize data for statistical or archival purposes (if applicable) ensuring that the person can no longer be identified directly or indirectly. The destruction of PI is documented.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"security\">4. Security Measures (Protection and Access)<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Physical Security<\/h3>\n\n\n\n<p>Access control to offices; archiving of files in locked cabinets.<br>Protocols for remote work (securing documents taken out of the office).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"confidentiality\">Technological Security and Confidentiality by Default<\/h3>\n\n\n\n<p><strong>Encryption:<\/strong> Encryption of email communications containing sensitive information and client databases.<strong><br>Access Management:<\/strong> Access to client files based on the need-to-know principle; only lawyers and staff directly involved in the mandate have access.<br><strong>Passwords:<\/strong> Policy for complex and regularly renewed passwords.<br><strong>Confidentiality by Default:<\/strong> All of the firm's information systems are configured, by default, to ensure the highest level of confidentiality without user intervention.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Transfer of Data Outside Quebec<\/h3>\n\n\n\n<p>Require a Privacy Impact Assessment (PIA) before any transfer, ensuring that the laws of the recipient country offer adequate protection (e.g., use of US cloud services).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"requests\">5. Management of Requests to Exercice Rights (Clients)<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Receipt of the Request<\/h3>\n\n\n\n<p>All requests must be addressed to the PRPPI in writing. (<a href=\"#roles\">jump to the PRPPI section<\/a>)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Identity Verification<\/h3>\n\n\n\n<p>Rigorous procedure to verify the identity of the applicant, so as not to disclose confidential information to the wrong person.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Processing Time<\/h3>\n\n\n\n<p>Respond to access or rectification requests within 30 days of receipt, which is the legal deadline.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Refusal<\/h3>\n\n\n\n<p>Procedure for justified refusal, particularly if the disclosure violates professional secrecy or if it risks harming a third party. The refusal response must indicate the possible recourse with the CAI.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"data\">6. Management of Confidentiality Incidents (Data Breaches)<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Definition<\/h3>\n\n\n\n<p>Identification of an incident: unauthorized access, use, or disclosure of PI.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Intervention Protocol<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Contain the incident, for example: disconnect the device, change passwords.<\/li>\n\n\n\n<li>Assess the risk of serious injury. Evaluation of severity factors, including the sensitivity of the PI involved, the apprehended consequences, and the probability of use for harmful purposes.<\/li>\n\n\n\n<li>Notify the CAI: Obligation to notify the Commission d\u2019acc\u00e8s \u00e0 l\u2019information if the risk of injury is serious.<\/li>\n\n\n\n<li>Notify the person concerned: Obligation to notify the person whose data has been compromised.<\/li>\n\n\n\n<li>Documentation: Maintain a detailed register of all confidentiality incidents, whether they require notification or not.<\/li>\n<\/ol>\n\n\n\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Caroline Simard avocate inc. is committed to protecting the confidentiality and ensuring the security of Personal Information (hereinafter &#8220;PI&#8221;) in accordance with Law 25 and the ethical rules of the profession. This Policy applies to all lawyers, notaries, paralegals, employees, and subcontractors of the firm, as well as to all PI managed by the firm, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1322,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"template-careers.php","meta":{"_acf_changed":false,"footnotes":""},"class_list":["post-2349","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Policies and practices guiding the governance of personal information - Caroline Simard lawyer<\/title>\n<meta name=\"description\" content=\"We are committed to protecting the confidentiality and ensuring the security of Personal Information in accordance with Law 25.\" \/>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Policies and practices guiding the governance of personal information - Caroline Simard lawyer\" \/>\n<meta property=\"og:description\" content=\"We are committed to protecting the confidentiality and ensuring the security of Personal Information in accordance with Law 25.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/coulisses.carolinesimard.ca\/en\/policies-and-practices-guiding-the-governance-of-personal-information\/\" \/>\n<meta property=\"og:site_name\" content=\"Caroline Simard\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-17T06:03:23+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/coulisses.carolinesimard.ca\/wp-content\/uploads\/2021\/05\/img-carriere.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"747\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/coulisses.carolinesimard.ca\/en\/policies-and-practices-guiding-the-governance-of-personal-information\/\",\"url\":\"https:\/\/coulisses.carolinesimard.ca\/en\/policies-and-practices-guiding-the-governance-of-personal-information\/\",\"name\":\"Policies and practices guiding the governance of personal information - Caroline Simard lawyer\",\"isPartOf\":{\"@id\":\"https:\/\/coulisses.carolinesimard.ca\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/coulisses.carolinesimard.ca\/en\/policies-and-practices-guiding-the-governance-of-personal-information\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/coulisses.carolinesimard.ca\/en\/policies-and-practices-guiding-the-governance-of-personal-information\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/coulisses.carolinesimard.ca\/wp-content\/uploads\/2021\/05\/img-carriere.jpg\",\"datePublished\":\"2025-12-17T05:15:02+00:00\",\"dateModified\":\"2025-12-17T06:03:23+00:00\",\"description\":\"We are committed to protecting the confidentiality and ensuring the security of Personal Information in accordance with Law 25.\",\"breadcrumb\":{\"@id\":\"https:\/\/coulisses.carolinesimard.ca\/en\/policies-and-practices-guiding-the-governance-of-personal-information\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/coulisses.carolinesimard.ca\/en\/policies-and-practices-guiding-the-governance-of-personal-information\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/coulisses.carolinesimard.ca\/en\/policies-and-practices-guiding-the-governance-of-personal-information\/#primaryimage\",\"url\":\"https:\/\/coulisses.carolinesimard.ca\/wp-content\/uploads\/2021\/05\/img-carriere.jpg\",\"contentUrl\":\"https:\/\/coulisses.carolinesimard.ca\/wp-content\/uploads\/2021\/05\/img-carriere.jpg\",\"width\":2560,\"height\":747},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/coulisses.carolinesimard.ca\/en\/policies-and-practices-guiding-the-governance-of-personal-information\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/coulisses.carolinesimard.ca\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Policies and Practices Guiding the Governance of Personal Information\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/coulisses.carolinesimard.ca\/en\/#website\",\"url\":\"https:\/\/coulisses.carolinesimard.ca\/en\/\",\"name\":\"Caroline Simard\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/coulisses.carolinesimard.ca\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Policies and practices guiding the governance of personal information - Caroline Simard lawyer","description":"We are committed to protecting the confidentiality and ensuring the security of Personal Information in accordance with Law 25.","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Policies and practices guiding the governance of personal information - Caroline Simard lawyer","og_description":"We are committed to protecting the confidentiality and ensuring the security of Personal Information in accordance with Law 25.","og_url":"https:\/\/coulisses.carolinesimard.ca\/en\/policies-and-practices-guiding-the-governance-of-personal-information\/","og_site_name":"Caroline Simard","article_modified_time":"2025-12-17T06:03:23+00:00","og_image":[{"width":2560,"height":747,"url":"https:\/\/coulisses.carolinesimard.ca\/wp-content\/uploads\/2021\/05\/img-carriere.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/coulisses.carolinesimard.ca\/en\/policies-and-practices-guiding-the-governance-of-personal-information\/","url":"https:\/\/coulisses.carolinesimard.ca\/en\/policies-and-practices-guiding-the-governance-of-personal-information\/","name":"Policies and practices guiding the governance of personal information - Caroline Simard lawyer","isPartOf":{"@id":"https:\/\/coulisses.carolinesimard.ca\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/coulisses.carolinesimard.ca\/en\/policies-and-practices-guiding-the-governance-of-personal-information\/#primaryimage"},"image":{"@id":"https:\/\/coulisses.carolinesimard.ca\/en\/policies-and-practices-guiding-the-governance-of-personal-information\/#primaryimage"},"thumbnailUrl":"https:\/\/coulisses.carolinesimard.ca\/wp-content\/uploads\/2021\/05\/img-carriere.jpg","datePublished":"2025-12-17T05:15:02+00:00","dateModified":"2025-12-17T06:03:23+00:00","description":"We are committed to protecting the confidentiality and ensuring the security of Personal Information in accordance with Law 25.","breadcrumb":{"@id":"https:\/\/coulisses.carolinesimard.ca\/en\/policies-and-practices-guiding-the-governance-of-personal-information\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/coulisses.carolinesimard.ca\/en\/policies-and-practices-guiding-the-governance-of-personal-information\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/coulisses.carolinesimard.ca\/en\/policies-and-practices-guiding-the-governance-of-personal-information\/#primaryimage","url":"https:\/\/coulisses.carolinesimard.ca\/wp-content\/uploads\/2021\/05\/img-carriere.jpg","contentUrl":"https:\/\/coulisses.carolinesimard.ca\/wp-content\/uploads\/2021\/05\/img-carriere.jpg","width":2560,"height":747},{"@type":"BreadcrumbList","@id":"https:\/\/coulisses.carolinesimard.ca\/en\/policies-and-practices-guiding-the-governance-of-personal-information\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/coulisses.carolinesimard.ca\/en\/"},{"@type":"ListItem","position":2,"name":"Policies and Practices Guiding the Governance of Personal Information"}]},{"@type":"WebSite","@id":"https:\/\/coulisses.carolinesimard.ca\/en\/#website","url":"https:\/\/coulisses.carolinesimard.ca\/en\/","name":"Caroline Simard","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/coulisses.carolinesimard.ca\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/coulisses.carolinesimard.ca\/en\/wp-json\/wp\/v2\/pages\/2349","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coulisses.carolinesimard.ca\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/coulisses.carolinesimard.ca\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/coulisses.carolinesimard.ca\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/coulisses.carolinesimard.ca\/en\/wp-json\/wp\/v2\/comments?post=2349"}],"version-history":[{"count":10,"href":"https:\/\/coulisses.carolinesimard.ca\/en\/wp-json\/wp\/v2\/pages\/2349\/revisions"}],"predecessor-version":[{"id":2382,"href":"https:\/\/coulisses.carolinesimard.ca\/en\/wp-json\/wp\/v2\/pages\/2349\/revisions\/2382"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coulisses.carolinesimard.ca\/en\/wp-json\/wp\/v2\/media\/1322"}],"wp:attachment":[{"href":"https:\/\/coulisses.carolinesimard.ca\/en\/wp-json\/wp\/v2\/media?parent=2349"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}