Organizations are currently faced with an ever-changing digital landscape. In order to respond effectively and ethically to their mission, teams are more than ever responsible for collecting, analyzing and managing the data they receive, compile and study. These practices are carried out with the help of a multitude of IT tools, and follow strict procedures which, despite everything, can present their own share of risks.

Collectif Récolte is part of the Montréal in Common innovation community, which includes a data governance component piloted by Open North. With the initial support of Open North in the fall of 2022, Collectif Récolte began its data governance journey. A second project is currently underway with the Tomat project team on issues relating to confidentiality and the protection of personal information.

Questions concerning data security, privacy protection and the responsible management of personal or sensitive data are central to organizations and businesses today. At Collectif Récolte, we believe in the importance of taking action to enhance the transparency between our organization and its ecosystem, and to increase trust in our team and its work methods. Since September 22, 2023, the deadline to apply the new provisions of Law 25 on the protection of Quebecers personal information, we have put in place new data governance measures.

Deployment of Law 25 at Collectif Récolte


Internal Privacy Policy


Data Collection, Retention, Sharing and Analysis Consent Form


Confidentiality and Non-Disclosure Agreements


Internal best practice guide to raise awareness and train the team in the management of personal and sensitive information

*And other preventive measures and intervention plans to protect sensitive data in our ecosystem.

Why new digital security provisions?

Confidentiality and Privacy

The new measures taken by Collectif Récolte are focused on maintaining users’ privacy and offering them greater control over the personal information they share online. To this end, we minimize the collection of personal data and collect only what is necessary for specific development and management purposes. These provisions strike a balance between the need to protect personal data and respecting individual’s fundamental rights on the web.

Digital Sovereignty

By protecting your sensitive data, we help defend your interests against unauthorized access, phishing and any other harmful activity related to the collection of your personal information. With the proper framework and by centralizing your information, you have control of how your personal information is accessed and used on the web.

Data Protection and Security

Managing digital data through appropriate collection, storage and use practices greatly limits the possibility of security breaches. In the event of such an incident, a vulnerability management framework enables quick identification of the source of the problem, so that immediate action can be taken.

In what ways?

Law 25 is a measure taken by the Québec government to modernize privacy legislation in the face of new technologies. This law imposes new obligations on organizations and businesses, with the aim of granting new rights to individuals. The law will be phased in over three years (from 2022 to 2024): to find out how it will be implemented, consult the guide des nouvelles responsabilités et obligations des entreprises (in French only).

Beyond Law 25 


Collectif Récolte teams build close ties with their partners. To respect the principle of transparency, information on project governance is shared with stakeholders. Project learnings and impact measurement analyses are compiled in documents and sent to Collectif Récolte partners on a regular basis. By keeping them informed of our progress, we can benefit from their constructive feedback and follow the evolution of their needs and activities, in complete transparency.

Digital Sobriety and Ecological Transition

Digital sobriety is an approach to reducing our environmental footprint in information and communications technologies; effective data governance can help identify and eliminate inefficiencies in IT systems and work tools.

Optimized IT structure: A coherent, optimized IT structure can help reduce the over-consumption of energy associated with oversized servers and inefficient IT processes. In other words, it encourages more judicious use of hardware and energy resources.

Process optimization: This has a direct impact on energy consumption, as more efficient processes mean less computing time, less data transfer and less use of hardware resources. In this way, data governance helps to reduce the carbon emissions associated with IT operations.

Reducing e-waste: The secure deletion of unnecessary data is a common practice; this step is essential to ensure the confidentiality of information, but it also has a positive environmental impact. By properly disposing of unnecessary data, data governance helps to reduce the amount of e-waste generated by an organization.

In short, data governance is a powerful tool for promoting digital sobriety. It maximizes the efficiency of IT infrastructures and processes, while minimizing the production of electronic waste. By adopting responsible data management, organizations can not only improve their environmental footprint, but also achieve substantial cost and energy savings.

To find out more

To find out more about the three-stage deployment of this law in relation to the practices of Collectif Récolte, consult the document below (in French only):