We have just shy of 200 members in Quebec, and just over 50 of them are certified. We now have a viable KnowledgeNet Chapter in Montreal, and we’ve started to look into holding privacy certification training classes there. Realizing that a major hurdle has always been the ability to provide materials in French, the IAPP is moving along that path now — not to mention in German, Dutch, Spanish, etcetera … Being a global organization, translating materials — and doing it well — is a big challenge.

I mention the inroads we’re making in La Belle Province because of the news story this week that the Desjardins financial institution is being investigated due to a recent privacy breach. What’s particularly newsworthy is that I’m pretty sure the investigation is the first joint investigation between the federal office and the Quebec Commission d’accès à l’information.

Considering that the Quebec law predates PIPEDA, it is a little surprising that the two offices have not officially collaborated like this before. Time will tell what will become of the joint investigation, but I bet the impact on the company won’t be nearly as dire as the fine being proposed by the OIC in the U.K. against British Airways over its role in another data breach. There, the regulator is going after 1.5% of the airway’s 2018 turnover — which translates to 183 million GBP. In Canadian dollars, that converts to about $300 million.

So, while the folks in Quebec and at Desjardins, in particular, get themselves ready for the first-ever joint investigation, I bet they are glad they aren’t subject to the GDPR in this country.