Implementing a privacy management program for your business is a critical yet complex undertaking. This presentation examines recent findings and resources issued by the Office of the Privacy Commissioner of Canada.
Privacy and Your Business: Getting it Right - MaRS Best Practices
1. Privacy and Your Business: Getting it Right
MaRS Best Practices
March 5, 2013
Lorne MacDougall (Director PIPEDA, Toronto Office)
Vance Lockton (Senior Regional Analyst)
3. Presentation Outline
1. Introductions
2. 10 Tips for Avoiding a Complaint to the OPC
3. OPC Resources and Website
4. Build a Privacy Plan for Your Business
5. Getting Accountability Right with a Privacy Management Program
6. The Importance of Transparency
7. Conclusions and Q&A
4. Why is privacy important?
• It's the law!
• Creates trust in your organization
• Can improve an organization's reputation
• Could save costs in the long-run
• Good privacy means good business
5. The Consequences
• Increased risk of a privacy breach
• Increase in customer complaints
• Negative media attention
• Loss of reputation and trust
• Potential high costs to resolve breach
• Can unnecessarily increase day-to-day
operational expenses
6. Role of the Privacy Commissioner of Canada
Investigate Complaints
• Under PIPEDA and Privacy Act
• Negotiates to find solution and makes recommendation
• Ability to pursue court action if necessary
Officer of Parliament
• Brings privacy issues to the attention of parliament and provides advice
Public Education
• Promoting public awareness and understanding of privacy issues
8. What is not covered?
• The collection, use or disclosure of personal
information by federal, provincial or territorial
government
• An employee's name, title, business address or
telephone number
• An individual's collection, use or disclosure of
personal information strictly for personal purposes
• An organization's collection, use or disclosure of
personal information solely for journalistic, artistic
or literary purposes
9. The Toronto Office
• Stronger regional presence.
• Significant number of Canadian businesses have established headquarters in the GTA.
• More than half of respondent organizations for PIPEDA complaints are based in the GTA.
• PIPEDA investigation work on the ground.
• Help bring about better compliance with PIPEDA.
10. Privacy & Small Business
"Small businesses often don't have the money to hire privacy specialists or lawyers to help them figure out how to comply with Canada's privacy legislation, nor is it always necessary. Good privacy compliance doesn't have to be expensive or time-consuming."
- Jennifer Stoddart, Commissioner
13. 10 Tips for Avoiding Complaints to the OPC
1 • Post contact info for your Privacy Officer on your website
2 • Train staff about privacy
3 • Take responsibility for employee actions
4 • Limit collection of personal information
5 • Make SINs optional
6 • Driver's licenses – you can look, but don't record
7 • Be up front about collection and use of personal information
8 • Tell customers about video surveillance
9 • Protect personal information
10 • Respond to access requests
24. OPC Resources and Website
Resources -> Information for Organizations
26. OPC Resources and Website
Build a privacy plan for your business – The privacy tool for small businesses
27. Build a Privacy Plan for your Business
• Step 1: Who's on Point?
• Step 2: Do you collect customer contact information?
• Step 3: Do you collect demographics?
• Step 4: Do you collect purchase information?
• Step 5: Do you collect financial information?
• Step 6: Do you collect opinions/interests?
• Step 7: Do you collect other information?
• Step 8: Evaluate your collection of information
• Step 9: Who needs to see the collected information?
• Step 10: Your Privacy Plan!
28. Build a Privacy Plan for your Business
• For steps 2-7, select from a list of options:
– Which of the following types of data do you collect from your customers?
– Who in your organization collects this information?
– Why does your organization collect this information?
29. Build a Privacy Plan for your Business
• Select from a list of options (cont'd):
– Who in your organization uses this information?
– How is this information stored?
– Do you ever share this information with or sell it to third parties?
30. Build a Privacy Plan for your Business
• This process generates:
– An information audit of your business
– Consent provisions required specifically for your business
– A security plan for protecting personal information in your care
– A sample privacy brochure for your customers
– A training needs assessment
32. What do we mean by "accountability"?
• Principle 1 of Schedule 1 of PIPEDA states:
An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance with the following principles…
33. Getting Accountability Right: Building Blocks
• Culture of privacy
• Program controls
• Ongoing assessment and review
35. Transparency
What you do: An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
Why you do it: Organizations shall make a reasonable effort to ensure that the individual is advised of the purposes for which information will be used.