Brendan Seaton Slides:
On January 28, 2016, Canada, along with many countries, will celebrate Data Privacy Day. Recognized by privacy professionals, corporations, government officials, academics and students around the world, Data Privacy Day highlights the impact that technology is having on our privacy rights and underlines the importance of valuing and protecting personal information.
MaRS Discovery District and Privacy Horizon have teamed up to offer this special program for entrepreneurs and startup companies. Learn what you need to know to turn privacy into a competitive advantage.
The Start-Up’s Guide to Privacy - MaRS Best Practices
1. Developing talent • Growing ventures • Opening markets
Visit
us
at
marsdd.com
The Start-‐up’s Guide to Privacy
T U R N P R I V A C Y I N T O A C O M P E T I T I V E
A D V A N T A G E
2. Developing talent • Growing ventures • Opening markets
Visit
us
at
marsdd.com
IntroducIon to Privacy
Privacy and the Law
Privacy Gap Assessment Workskhop
Panel: Privacy – Who Cares?
The Start-‐up’s Guide – PracIcal Next Steps
Agenda
The Start-‐up’s Guide to Privacy
January
2016
3. Developing talent • Growing ventures • Opening markets
Visit
us
at
marsdd.com
DON’T
PANIC
4. Developing talent • Growing ventures • Opening markets
Visit
us
at
marsdd.com
Important DefiniIons
• Privacy -‐ The right of an individual to
control the collecIon, use, disclosure and
retenIon of their personal informaIon
• ConfidenIality -‐ The obligaIon of a health
care provider (or other person) to protect
the secrecy of personal informaIon
• Security -‐ the tools and techniques we use
to protect the confidenIality, integrity
and availability of personal informaIon.
5. Developing talent • Growing ventures • Opening markets
Visit
us
at
marsdd.com
Why Privacy?
• Privacy legislaIon
• Advances in informaIon technology and data
mining
• Public expectaIons
6. Developing talent • Growing ventures • Opening markets
Visit
us
at
marsdd.com
Privacy Principles
There is nothing new or difficult about privacy. Good privacy is:
• Good business pracIce
• Good informaIon management pracIce
• Good clinical and health care management pracIce
OrganizaIons that have good business, informaIon management
and clinical management pracIces in place are likely in compliance
with these principles already
7. Developing talent • Growing ventures • Opening markets
Visit
us
at
marsdd.com
The Importance of Principles
• Consistent applicaIon of privacy rights
locally, naIonally and internaIonally
• Defines with precision the privacy
obligaIons of people handling personal
informaIon
• Provides a sound basis for a privacy
protecIon program
9. Developing talent • Growing ventures • Opening markets
Visit
us
at
marsdd.com
Accountability
An organizaIon is responsible for
personal informaIon under its control
and shall designate an individual or
individuals who are accountable for
the organizaIon's compliance with
the following principles.
10. Developing talent • Growing ventures • Opening markets
Visit
us
at
marsdd.com
IdenIfying Purposes
The purposes for which personal
informaIon is collected shall be
idenIfied by the organizaIon at or
before the Ime the informaIon is
collected.
11. Developing talent • Growing ventures • Opening markets
Visit
us
at
marsdd.com
Consent
The knowledge and consent of
the individual are required for the
collecIon, use, or disclosure of
personal informaIon, except
where inappropriate.
12. Developing talent • Growing ventures • Opening markets
Visit
us
at
marsdd.com
LimiIng CollecIon
The collecIon of personal
informaIon shall be limited
to that which is necessary for
the purposes idenIfied by
the organizaIon. InformaIon
shall be collected by fair and
lawful means.
13. Developing talent • Growing ventures • Opening markets
Visit
us
at
marsdd.com
LimiIng Use, Disclosure and RetenIon
Personal informaIon shall not be used or
disclosed for purposes other than those
for which it was collected, except with the
consent of the individual or as required by
law.
Personal informaIon shall be retained
only as long as necessary for the
fulfillment of those purposes.
14. Developing talent • Growing ventures • Opening markets
Visit
us
at
marsdd.com
Accuracy
Personal informaIon
shall be as accurate,
complete, and up-‐to-‐
date as is necessary for
the purposes for which
it is to be used.
15. Developing talent • Growing ventures • Opening markets
Visit
us
at
marsdd.com
Safeguards
Personal informaIon shall be
protected by security
safeguards appropriate to the
sensiIvity of the informaIon.
16. Developing talent • Growing ventures • Opening markets
Visit
us
at
marsdd.com
Brendan Seaton and Rob Ford are admihed to
hospital….
Who’s personal information is more
sensitive?
17. Developing talent • Growing ventures • Opening markets
Visit
us
at
marsdd.com
Openness
An organizaIon shall make readily available to individuals
specific informaIon about its policies and pracIces relaIng to
the management of personal informaIon.
18. Developing talent • Growing ventures • Opening markets
Visit
us
at
marsdd.com
Individual Access
Upon request, an individual shall be
informed of the existence, use, and
disclosure of his or her personal informaIon
and shall be given access to that informaIon.
An individual shall be able to challenge the
accuracy and completeness of the
informaIon and have it amended as
appropriate.
19. Developing talent • Growing ventures • Opening markets
Visit
us
at
marsdd.com
Challenging Compliance
An individual shall be able to address a challenge concerning
compliance with the above principles to the designated
individual or individuals accountable for the organizaIon's
compliance.
20. Developing talent • Growing ventures • Opening markets
Visit
us
at
marsdd.com
7 FoundaIonal Principles of PbD
1. ProacIve not ReacIve; PreventaIve not Remedial
2. Privacy as the Default Sekng
3. Privacy Embedded into design
4. Full FuncIonality – PosiIve-‐Sum, to Zero-‐Sum
5. End-‐to-‐end Security – Full Lifecycle ProtecIon
6. Visibility and Transparency-‐ Keep it Open
7. Respect for User Privacy – Keep it User-‐Centric
21. Developing talent • Growing ventures • Opening markets
Visit
us
at
marsdd.com
Next…
Privacy and
the Law