Legal guides

One of the objectives of the L.R. Wilson Chair is to develop strategies to ensure smooth operation of the various interactions that take place on the Internet.

One of the means of achieving this goal is the preparation of guides and manuals for users and/or organizations that offer tools and services on the Internet. The guides show how to identify risks related to Internet exchanges, searches and publishing, and suggest actions and precautions that can be taken to reduce risk. One of the means of achieving this goal is the preparation of guides and manuals for users and/or organizations that offer tools and services on the Internet. The guides show how to identify risks related to Internet exchanges, searches and publishing, and suggest actions and precautions that can be taken to reduce risk. In most situations, the individual is in fact in control of what is or is not done on the Internet. This is why raising awareness, training and education remain the best ways to protect people and ensure compliance with legislation.In most situations, the individual is in fact in control of what is or is not done on the Internet. This is why raising awareness, training and education remain the best ways to protect people and ensure compliance with legislation.

ouvrir la catégorie  Guide pour l'élaboration d'une politique de confidentialité (2008)(Guide to Preparing a Confidentiality Policy)

All public and private legal entities have to inform those they deal with about their obligations with respect to protection of personal information. They have to do this in a way that is clear, understandable and easy to access. In electronic environments, such information is contained in a confidentiality policy.

The Guide to Preparing a Confidentiality Policy describes the requirements that have to be taken into consideration when developing a confidentiality policy.

On one hand, the guide delineates the features that confidentiality policies must include. On the other hand, it describes the steps in development of such policies: steps that take into account the obligations of those who manage electronic environments with respect to both protection principles and the cycle of personal information. Finally, it includes frequently asked questions and a checklist.

The guide is part of post-doctoral research on mechanisms for producing trust in electronic environments.

PDF Version

ouvrir la catégorie  Guide pratique pour l’application des mesures de protection des informations et renseignements personnels détenus par les établissements et organismes du réseau de la santé et des services sociaux (mars 2004)(Implementation Manual for Measures to Protect Personal Information Held by Institutions and Organizations in the Health and Social Services System)

This guide is intended for those who use personal information to make decisions concerning users of the health and social services system.

Its purpose is to describe and explain the principles that should govern the personal information processing cycle, from the gathering of information to its disposal.

Protection of personal information in the health and social services system is not limited to files on users. Protection also has to cover other types of files, such as user complaint files, the files of the head of the clinical department, the files of the council of physicians, dentists and pharmacists, the users committee’s files, the public curator’s files, adoption files and files belonging to youth protection officials.

PDF Version

ouvrir la catégorie  Guide pour maîtriser les risques juridiques des cyberconsultations (2004) (Guide to Managing the Legal Risks of Online Consultation)

The use of online tools to complement or strengthen consultation and decision-making is now part of a number of strategies designed to enhance democratic processes.

The various situations in which the Internet is used to wholly or partly conduct debates on issues of public interest are called “cyberdemocratic” processes. They include public consultation through discussion groups and videoconferences, which can be in addition to existing processes in which citizens submit questions to elected officials and express their points of view.

The Guide pour maîtriser les risques juridiques des cyberconsultations shows how to identify and manage the legal requirements of setting up and using Internet environments for cyberdemocratic processes.

The guide begins by identifying the necessary features of a consultation process, and then defines the steps to creating a virtual consultation process, whether or not it is governed by specific legislation. Next, it pinpoints the stakes and risks generally associated with using cyberconsultation tools and functionalities on the Internet. Finally, it suggests model policies, directives, regulations and other means of managing risks.

The guide was prepared at the request of the Sous-secrétariat à l’inforoute gouvernementale et aux ressources informationnelles of the Quebec Secrétariat du Conseil du trésor and the Quebec government’s Groupe de travail sur la cyberdémocratie.

PDF Version

ouvrir la catégorie  Guide des droits sur Internet (2004)

The Guide des droits sur Internet website provides information on legislation and regulations in order to allow people and organizations to use the Internet safely. The site was designed to meet the wide range of needs of both those who use the Internet and those who make decisions and are responsible for providing access to online services.

ouvrir la catégorie  Guide pour gérer les aspects juridiques d'Internet en milieu scolaire (2003)

ouvrir la catégorie  Guide pour un usage responsable d'Internet (2003)

ouvrir la catégorie  Guide sur la mise en place et l’administration de mécanismes d’identification électroniques (2001)(Guide to the Establishment and Management of Electronic Identification Mechanisms)

A company or organization that decides to offer its services on the Internet has to take various precautions with respect to identification of individuals. The purpose of this guide is to provide information on how to set up and manage electronic identification mechanisms.

It suggests an approach that makes it possible to identify risks linked with identification in an electronic transaction environment and a way of setting up suitable identification mechanisms and processes. This involves four steps.

Step one : Identify identification needs.
Step two : Identify the degree of certainty required for identification.
Step three : Set out guidelines for gathering and processing personal information.
Step four : Establish identification mechanisms and processes.

Legislation sets out requirements with respect to the gathering and processing of personal information. A company or organization that holds personal information must inform the individual of the purpose for which the information is gathered, how it will be used, the categories of people who will have access to the file, where the information will be kept, and the individual’s right to access to the file and have it corrected, if required. Likewise, a company that holds, uses or conveys personal information obtained in this way must ensure confidentiality. It has to make sure that the information is accurate and up to date at the time it is used, and it has to obtain the user’s consent if it wishes to convey the information or use it for purposes other than those for which it was gathered.

PDF Version

ouvrir la catégorie  Implantation de services de courriel dans les écoles, exigences à satisfaire afin d’assurer la protection des droits des personnes et le partage des responsabilités (2000)(Use of E-mail in School)

This study paper sketches out rules that should be established when e-mail is used in schools. The proposed approach is designed to meet legal requirements and deal with the concerns, vulnerabilities, worries and fears of users and other stakeholders.

If use of e-mail for educational purposes becomes part of the school’s educational project, then the decision to offer the service in class is made at the school. However, parents have to be informed of the consequences of having an e-mail address, particularly since they have to supervise its use at home.

A school’s decision to offer e-mail services has to comply with the Act respecting access to documents held by public bodies and the protection of personal information.

Given the features of e-mail addresses, their terms of use have to be set out in a policy. Usually, e-mail addresses can be used both in activities supervized at school and in students’ other relationships. Their use has to be regulated by rules that specify the responsibilities of every person concerned.

Employing e-mail in an educational context involves learning about the responsibilities inherent to its use. Students have to be made aware of the responsibilities flowing from ownership of an address. They should be required to comply with a code of conduct appropriate to their level of maturity.

Since e-mail can be used in various circumstances outside of school, the study paper suggests preparing an information kit for families. The kit could contain a letter of introduction to the parents, the school’s e-mail use policy, the code of conduct, and the user agreement for secondary school students or a notice addressed to the parents of primary school students.

PDF Version

ouvrir la catégorie  Guide sur la protection de la vie privée dans les services de courrier électronique en site web (2000)(Guide to Privacy Protection in Website E-mail Services)

Designed in a realistic manner and based on structures inherent to the Internet, website e-mail services can be very useful if they comply with Quebec legislation on privacy protection.

The guide describes the privacy protection requirements for e-mail services on websites. It specifies how to comply with Quebec legislation on protection of privacy, describes the rules that should be followed when developing and using such services, and suggests models that contain measures required for compliance with the spirit and the letter of Quebec privacy protection legislation.

Briefly, the approaches and documents suggested for e-mail services concern transparency with respect to users and systematic tracking of personal information management processes.

E-mail services have to be based on computer tools with a high level of protection for users’ personal information and messages.

The service offer must explain how the service works and, if it is funded through advertising, the implications in terms of sharing personal information. The more the e-mail service provider plans to use personal information for purposes distantly related to the immediate needs of service delivery, the more important it becomes to obtain informed prior consent from each user.

PDF Version

Annexes : Schéma I    Schéma II    Schéma III    Schéma IV