Access / Privacy Officer
Mandatory appointment of a person responsible for access to documents and the protection of personal information, with publicly listed contact details.
Quebec's municipalities, RCMs, departments, Crown corporations and other public bodies are subject to the Act respecting Access to documents held by public bodies and the Protection of personal information. Since 2021, these obligations have been considerably strengthened by Law 25.
In partnership with the AAPI and Conformaze, Synéra supports public bodies in meeting their ATIP obligations — appointing the Privacy Officer, maintaining the incident register, conducting Privacy Impact Assessments (PIAs), handling access requests and delivering accredited training.
Mandatory appointment of a person responsible for access to documents and the protection of personal information, with publicly listed contact details.
Keeping a register of confidentiality incidents and notifying the Commission d'accès à l'information (CAI) in certain cases.
A Privacy Impact Assessment before any project to acquire, develop or redesign a system that involves personal information.
Responding to access requests within 20 calendar days, with extensions possible. Recourse before the CAI in the event of a refusal.
Policies published on the website: management of personal information, information life cycle, agreements with subcontractors.
Awareness and training of staff on ATIP obligations — particularly for roles that come into contact with personal information.
A complete audit of your current compliance: appointment of the officer, registers, published policies, request-handling processes, information security.
Implementation of the missing elements: policies, registers, PIA templates, standard subcontractor agreements, documented internal processes.
Training for your officer and staff through the AAPI's PFPAIPRP-OPQ program (joint certification with the Université de Montréal).
Annual follow-up, policy updates, support during incidents, and assistance with PIAs for new projects. An outsourced Privacy Officer is available as needed.
A team specialized in access to information and the protection of personal information — combined with the AAPI's accredited training and ITGS's technical support.