SlideShare a Scribd company logo

Privacy and Your Business: Getting it Right - MaRS Best Practices

MaRS Discovery District
MaRS Discovery District

Implementing a privacy management program for your business is a critical yet complex undertaking. This presentation examines recent findings and resources issued by the Office of the Privacy Commissioner of Canada.

Business
1 of 41
Download to read offline
Privacy and Your Business: Getting it Right   MaRS Best Practices March 5, 2013 Lorne MacDougall (Director PIPEDA, Toronto Office) Vance Lockton (Senior Regional Analyst)
Presenta(on  Outline   1.  Introduc(ons   2.  10  Tips  for  Avoiding  a  Complaint  to  the  OPC   3.  OPC  Resources  and  Website   4.  Build  a  Privacy  Plan  for  Your  Business   5.  GeIng  Accountability  Right  with  a  Privacy   Management  Program   6.  The  Importance  of  Transparency   7.  Conclusions  and  Q&A   3  
Why is privacy important? •  It s the law! •  Creates trust in your organization •  Can improve an organization s reputation •  Could save costs in the long-run •  Good privacy means good business
The Consequences •  Increased risk of a privacy breach •  Increase in customer complaints •  Negative media attention •  Loss of reputation and trust •  Potential high costs to resolve breach •  Can unnecessarily increase day-to-day operational expenses
Role of the Privacy Commissioner of Canada • Under PIPEDA and Privacy Act Investigate • Negotiates to find solution and makes recommendation Complaints • Ability to pursue court action if necessary Officer of • Brings privacy issues to the attention of parliament and Parliament provides advice Public • Promoting public awareness and understanding of Education privacy issues
Except where provincial legislation is deemed substantially similar
What is not covered? •  The collection, use or disclosure of personal information by federal, provincial or territorial government •  An employee's name, title, business address or telephone number •  An individual's collection, use or disclosure of personal information strictly for personal purposes •  An organization's collection, use or disclosure of personal information solely for journalistic, artistic or literary purposes
The Toronto Office •  Stronger regional presence. •  Significant number of Canadian businesses have established headquarters in the GTA. •  More than half of respondent organizations for PIPEDA complaints are based in the GTA. •  PIPEDA investigation work on the ground. •  Help bring about better compliance with PIPEDA. 9  
Privacy & Small Business Small businesses often don t have the money to hire privacy specialists or lawyers to help them figure out how to comply with Canada s privacy legislation, nor is it always necessary. Good privacy compliance doesn t have to be expensive or time-consuming. - Jennifer Stoddart, Commissioner
Good  privacy  is  good  for  business.   11  
The 10 Privacy Principles 1. Accountability 6. Accuracy 2. Identifying Purposes 7. Safeguards 3. Consent 8. Openness 4. Limiting Collection 9. Individual Access 5. Limiting Use, Disclosure 10. Challenging and Retention Compliance
10  Tips  for  Avoiding  Complaints  to  the  OPC   1   •  Post  contact  info  for  your   Privacy  Officer  on  your  website   6   • Driver’s  licenses  –  you  can  look,   but  don’t  record   2   •  Train  staff  about  privacy   7   • Be  up  front  about  collec(on  and   use  of  personal  informa(on   3   •  Take  responsibility  for   employee  ac(ons   8   • Tell  customers  about  video   surveillance   4   •  Limit  collec(on  of  personal   informa(on   9   • Protect  personal  informa(on   5   •  Make  SINs  op(onal   10   • Respond  to  access  requests   13  
10  Tips  for  Avoiding  Complaints  to  the  OPC   1   •  Post  contact  info  for  your   Privacy  Officer  on  your  website   6   • Driver’s  licenses  –  you  can  look,   but  don’t  record   2   •  Train  staff  about  privacy   7   • Be  up  front  about  collec(on  and   use  of  personal  informa(on   3   •  Take  responsibility  for   employee  ac(ons   8   • Tell  customers  about  video   surveillance   4   •  Limit  collec(on  of  personal   informa(on   9   • Protect  personal  informa(on   5   •  Make  SINs  op(onal   10   • Respond  to  access  requests   14  
10  Tips  for  Avoiding  Complaints  to  the  OPC   1   •  Post  contact  info  for  your   Privacy  Officer  on  your  website   6   • Driver’s  licenses  –  you  can  look,   but  don’t  record   2   •  Train  staff  about  privacy   7   • Be  up  front  about  collec(on  and   use  of  personal  informa(on   3   •  Take  responsibility  for   employee  ac(ons   8   • Tell  customers  about  video   surveillance   4   •  Limit  collec(on  of  personal   informa(on   9   • Protect  personal  informa(on   5   •  Make  SINs  op(onal   10   • Respond  to  access  requests   15  
10  Tips  for  Avoiding  Complaints  to  the  OPC   1   •  Post  contact  info  for  your   Privacy  Officer  on  your  website   6   • Driver’s  licenses  –  you  can  look,   but  don’t  record   2   •  Train  staff  about  privacy   7   • Be  up  front  about  collec(on  and   use  of  personal  informa(on   3   •  Take  responsibility  for   employee  ac(ons   8   • Tell  customers  about  video   surveillance   4   •  Limit  collec(on  of  personal   informa(on   9   • Protect  personal  informa(on   5   •  Make  SINs  op(onal   10   • Respond  to  access  requests   16  
10  Tips  for  Avoiding  Complaints  to  the  OPC   1   •  Post  contact  info  for  your   Privacy  Officer  on  your  website   6   • Driver’s  licenses  –  you  can  look,   but  don’t  record   2   •  Train  staff  about  privacy   7   • Be  up  front  about  collec(on  and   use  of  personal  informa(on   3   •  Take  responsibility  for   employee  ac(ons   8   • Tell  customers  about  video   surveillance   4   •  Limit  collec(on  of  personal   informa(on   9   • Protect  personal  informa(on   5   •  Make  SINs  op(onal   10   • Respond  to  access  requests   17  
10  Tips  for  Avoiding  Complaints  to  the  OPC   1   •  Post  contact  info  for  your   Privacy  Officer  on  your  website   6   • Driver’s  licenses  –  you  can  look,   but  don’t  record   2   •  Train  staff  about  privacy   7   • Be  up  front  about  collec(on  and   use  of  personal  informa(on   3   •  Take  responsibility  for   employee  ac(ons   8   • Tell  customers  about  video   surveillance   4   •  Limit  collec(on  of  personal   informa(on   9   • Protect  personal  informa(on   5   •  Make  SINs  op(onal   10   • Respond  to  access  requests   18  
10  Tips  for  Avoiding  Complaints  to  the  OPC   1   •  Post  contact  info  for  your   Privacy  Officer  on  your  website   6   • Driver’s  licenses  –  you  can  look,   but  don’t  record   2   •  Train  staff  about  privacy   7   • Be  up  front  about  collec(on  and   use  of  personal  informa(on   3   •  Take  responsibility  for   employee  ac(ons   8   • Tell  customers  about  video   surveillance   4   •  Limit  collec(on  of  personal   informa(on   9   • Protect  personal  informa(on   5   •  Make  SINs  op(onal   10   • Respond  to  access  requests   19  
10  Tips  for  Avoiding  Complaints  to  the  OPC   1   •  Post  contact  info  for  your   Privacy  Officer  on  your  website   6   • Driver’s  licenses  –  you  can  look,   but  don’t  record   2   •  Train  staff  about  privacy   7   • Be  up  front  about  collec(on  and   use  of  personal  informa(on   3   •  Take  responsibility  for   employee  ac(ons   8   • Tell  customers  about  video   surveillance   4   •  Limit  collec(on  of  personal   informa(on   9   • Protect  personal  informa(on   5   •  Make  SINs  op(onal   10   • Respond  to  access  requests   20  
10  Tips  for  Avoiding  Complaints  to  the  OPC   1   •  Post  contact  info  for  your   Privacy  Officer  on  your  website   6   • Driver’s  licenses  –  you  can  look,   but  don’t  record   2   •  Train  staff  about  privacy   7   • Be  up  front  about  collec(on  and   use  of  personal  informa(on   3   •  Take  responsibility  for   employee  ac(ons   8   • Tell  customers  about  video   surveillance   4   •  Limit  collec(on  of  personal   informa(on   9   • Protect  personal  informa(on   5   •  Make  SINs  op(onal   10   • Respond  to  access  requests   21  
10  Tips  for  Avoiding  Complaints  to  the  OPC   1   •  Post  contact  info  for  your   Privacy  Officer  on  your  website   6   • Driver’s  licenses  –  you  can  look,   but  don’t  record   2   •  Train  staff  about  privacy   7   • Be  up  front  about  collec(on  and   use  of  personal  informa(on   3   •  Take  responsibility  for   employee  ac(ons   8   • Tell  customers  about  video   surveillance   4   •  Limit  collec(on  of  personal   informa(on   9   • Protect  personal  informa(on   5   •  Make  SINs  op(onal   10   • Respond  to  access  requests   22  
OPC  Resources  and  Website       www.priv.gc.ca     23  
OPC  Resources  and  Website     Resources  -­‐>    Informa(on  for   Organiza(ons   24  
OPC  Resources  and  Website     Resources  -­‐>    Informa(on  for   Organiza(ons   25  
OPC  Resources  and  Website     Build  a  privacy  plan  for   your  business  –   The   privacy  tool  for  small   businesses   26  
Build  a  Privacy  Plan  for  your  Business   • Who’s  on   Step  2   • Do  you  collect   Step  4   • Do  you  collect   Point?   • Do  you  collect   customer   • Do  you  collect   purchase   contact   demographics?     financial   informa(on?   informa(on?   informa(on?   Step  1   Step  3   Step  5   • Do  you  collect   Step  7   • Evaluate  your   Step  9   • Your  Privacy   opinions/ • Do  you  collect   collec(on  of   • Who  needs  to   Plan!   interests?   other   informa(on   see  the   informa(on?   collected   informa(on?   Step  6   Step  8   Step  10   27  
Build  a  Privacy  Plan  for  your  Business   •  For  steps  2-­‐7,  select  from  a  list  of  op(ons:   –  Which  of  the  following  types  of  data  do  you   collect  from  your  customers?   –  Who  in  your  organiza(on  collects  this   informa(on?   –  Why  does  your  organiza(on  collect  this   informa(on?   28  
Build  a  Privacy  Plan  for  your  Business   •  Select  from  a  list  of  op(ons  (cont d):   –  Who  in  your  organiza(on  uses  this  informa(on?   –  How  is  this  informa(on  stored?   –  Do  you  ever  share  this  informa(on  with  or  sell  it   to  third  par(es?   29  
Build  a  Privacy  Plan  for  your  Business   •  This  process  generates:   –  An  informa(on  audit  of  your  business   –  Consent  provisions  required  specifically  for  your  business   –  A  security  plan  for  protec(ng  personal  informa(on  in  your   care   –  A  sample  privacy  brochure  for  your  customers   –  A  training  needs  assessment   30  
Ge#ng  Accountability  Right  with  a   Privacy  Management  Program   31  
What  do  we  mean  by   accountability ?   •  Principle  1  of  Schedule  1  of  PIPEDA  states:       An  organiza(on  is  responsible  for  personal   informa(on  under  its  control  and  shall   designate  an  individual  or  individuals  who  are   accountable  for  the  organiza(on s  compliance   with  the  following  principles…   32  
GeIng  Accountability  Right:   Building  Blocks   •  Culture  of  privacy   •  Program  controls   •  Ongoing  assessment  and  review   33  
For  More  Informa,on   34  
Transparency   What  you  do:     An  organiza:on  shall  make  readily  available  to  individuals   specific  informa:on  about  its  policies  and  prac:ces  rela:ng  to   the  management  of  personal  informa:on.   Why  you  do  it:     Organiza:ons  shall  make  a  reasonable  effort  to  ensure  that   the  individual  is  advised  of  the  purposes  for  which  informa:on   will  be  used.   35  
Transparency                       The  Challenges   36  
Transparency                       The  Expecta(ons   37  
Transparency                       The  Opportuni(es   38  
We re  here  to  help!   39  
    Ques(ons?   40  
Privacy and Your Business: Getting it Right - MaRS Best Practices

Recommended

Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Jason Haislmaier
 
Best Practices In Corporate Privacy & Information Security
Best Practices In Corporate Privacy & Information SecurityBest Practices In Corporate Privacy & Information Security
Best Practices In Corporate Privacy & Information Securitysatyakam_biswas
 
Privacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
Privacy Practice Fundamentals: Understanding Compliance Regimes and RequirementsPrivacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
Privacy Practice Fundamentals: Understanding Compliance Regimes and RequirementsAnitafin
 
Effective Privacy Training
Effective Privacy TrainingEffective Privacy Training
Effective Privacy TrainingLida Penerdzhyan
 
Data Privacy Compliance: Why & How
Data Privacy Compliance: Why & How Data Privacy Compliance: Why & How
Data Privacy Compliance: Why & How Andrea Huck-Esposito
 
Computer Fraud - Eric Vanderburg - China Resource Network Conference
Computer Fraud - Eric Vanderburg - China Resource Network ConferenceComputer Fraud - Eric Vanderburg - China Resource Network Conference
Computer Fraud - Eric Vanderburg - China Resource Network ConferenceEric Vanderburg
 
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Resilient Systems
 
Business continuity
Business continuityBusiness continuity
Business continuityMalcolm York
 

Recommended

Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Jason Haislmaier
 
Best Practices In Corporate Privacy & Information Security
Best Practices In Corporate Privacy & Information SecurityBest Practices In Corporate Privacy & Information Security
Best Practices In Corporate Privacy & Information Securitysatyakam_biswas
 
Privacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
Privacy Practice Fundamentals: Understanding Compliance Regimes and RequirementsPrivacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
Privacy Practice Fundamentals: Understanding Compliance Regimes and RequirementsAnitafin
 
Effective Privacy Training
Effective Privacy TrainingEffective Privacy Training
Effective Privacy TrainingLida Penerdzhyan
 
Data Privacy Compliance: Why & How
Data Privacy Compliance: Why & How Data Privacy Compliance: Why & How
Data Privacy Compliance: Why & How Andrea Huck-Esposito
 
Computer Fraud - Eric Vanderburg - China Resource Network Conference
Computer Fraud - Eric Vanderburg - China Resource Network ConferenceComputer Fraud - Eric Vanderburg - China Resource Network Conference
Computer Fraud - Eric Vanderburg - China Resource Network ConferenceEric Vanderburg
 
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Resilient Systems
 
Business continuity
Business continuityBusiness continuity
Business continuityMalcolm York
 
Identity theft and data responsibilities
Identity theft and data responsibilitiesIdentity theft and data responsibilities
Identity theft and data responsibilitiesPeter Henley
 
Applied data analytics_v1_6.23
Applied data analytics_v1_6.23Applied data analytics_v1_6.23
Applied data analytics_v1_6.23John C. Havens
 
How to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer CareHow to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer CareTRUSTe
 
How to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer CareHow to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer CareTRUSTe
 
Lect 08 computer security and privacy 2 4 q
Lect 08 computer security and privacy 2 4 qLect 08 computer security and privacy 2 4 q
Lect 08 computer security and privacy 2 4 qRamy Eltarras
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3Meg Weber
 
Privacy - Principles, PrimeLife and Identity Mixer - Thomas Gross
Privacy - Principles, PrimeLife and Identity Mixer - Thomas GrossPrivacy - Principles, PrimeLife and Identity Mixer - Thomas Gross
Privacy - Principles, PrimeLife and Identity Mixer - Thomas GrossThomas Gross
 
Webinar: 12 Tips to Stay Safer Online - 2018-10-16
Webinar: 12 Tips to Stay Safer Online - 2018-10-16Webinar: 12 Tips to Stay Safer Online - 2018-10-16
Webinar: 12 Tips to Stay Safer Online - 2018-10-16TechSoup
 
Bill Stankiewicz Copy Scope 2010 Npi Company
Bill Stankiewicz Copy Scope 2010 Npi CompanyBill Stankiewicz Copy Scope 2010 Npi Company
Bill Stankiewicz Copy Scope 2010 Npi CompanyBillStankiewicz
 
RSA 2010 Kevin Rowney
RSA 2010 Kevin RowneyRSA 2010 Kevin Rowney
RSA 2010 Kevin RowneySymantec
 
Sec and ethics presentation
Sec and ethics presentationSec and ethics presentation
Sec and ethics presentationDarren McManus
 
MS810 Information Security and Ethics Assignment
MS810 Information Security and Ethics AssignmentMS810 Information Security and Ethics Assignment
MS810 Information Security and Ethics AssignmentDarren McManus
 
A Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOsA Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOsgppcpa
 
TrustArc Webinar: Challenges & Risks Of Data Graveyards
TrustArc Webinar: Challenges & Risks Of Data GraveyardsTrustArc Webinar: Challenges & Risks Of Data Graveyards
TrustArc Webinar: Challenges & Risks Of Data GraveyardsTrustArc
 
Cybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionCybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionShawn Tuma
 
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018Next Dimension Inc.
 
Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11Symantec
 
Sit in a common area and observe. This may be in your office, a co.docx
Sit in a common area and observe. This may be in your office, a co.docxSit in a common area and observe. This may be in your office, a co.docx
Sit in a common area and observe. This may be in your office, a co.docxjennifer822
 
Security And Legal In The Cloud Ats V2
Security And Legal In The Cloud Ats V2Security And Legal In The Cloud Ats V2
Security And Legal In The Cloud Ats V2dbarton944
 
idBUSINESS Red Flag Rules For Dentists
idBUSINESS Red Flag Rules For DentistsidBUSINESS Red Flag Rules For Dentists
idBUSINESS Red Flag Rules For DentistsSteven Lane
 
How to Pitch a VC - Entrepreneurship 101
How to Pitch a VC - Entrepreneurship 101How to Pitch a VC - Entrepreneurship 101
How to Pitch a VC - Entrepreneurship 101MaRS Discovery District
 
The Pitch - Entrepreneurship 101
The Pitch - Entrepreneurship 101The Pitch - Entrepreneurship 101
The Pitch - Entrepreneurship 101MaRS Discovery District
 

More Related Content

Similar to Privacy and Your Business: Getting it Right - MaRS Best Practices

Identity theft and data responsibilities
Identity theft and data responsibilitiesIdentity theft and data responsibilities
Identity theft and data responsibilitiesPeter Henley
 
Applied data analytics_v1_6.23
Applied data analytics_v1_6.23Applied data analytics_v1_6.23
Applied data analytics_v1_6.23John C. Havens
 
How to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer CareHow to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer CareTRUSTe
 
How to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer CareHow to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer CareTRUSTe
 
Lect 08 computer security and privacy 2 4 q
Lect 08 computer security and privacy 2 4 qLect 08 computer security and privacy 2 4 q
Lect 08 computer security and privacy 2 4 qRamy Eltarras
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3Meg Weber
 
Privacy - Principles, PrimeLife and Identity Mixer - Thomas Gross
Privacy - Principles, PrimeLife and Identity Mixer - Thomas GrossPrivacy - Principles, PrimeLife and Identity Mixer - Thomas Gross
Privacy - Principles, PrimeLife and Identity Mixer - Thomas GrossThomas Gross
 
Webinar: 12 Tips to Stay Safer Online - 2018-10-16
Webinar: 12 Tips to Stay Safer Online - 2018-10-16Webinar: 12 Tips to Stay Safer Online - 2018-10-16
Webinar: 12 Tips to Stay Safer Online - 2018-10-16TechSoup
 
Bill Stankiewicz Copy Scope 2010 Npi Company
Bill Stankiewicz Copy Scope 2010 Npi CompanyBill Stankiewicz Copy Scope 2010 Npi Company
Bill Stankiewicz Copy Scope 2010 Npi CompanyBillStankiewicz
 
RSA 2010 Kevin Rowney
RSA 2010 Kevin RowneyRSA 2010 Kevin Rowney
RSA 2010 Kevin RowneySymantec
 
Sec and ethics presentation
Sec and ethics presentationSec and ethics presentation
Sec and ethics presentationDarren McManus
 
MS810 Information Security and Ethics Assignment
MS810 Information Security and Ethics AssignmentMS810 Information Security and Ethics Assignment
MS810 Information Security and Ethics AssignmentDarren McManus
 
A Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOsA Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOsgppcpa
 
TrustArc Webinar: Challenges & Risks Of Data Graveyards
TrustArc Webinar: Challenges & Risks Of Data GraveyardsTrustArc Webinar: Challenges & Risks Of Data Graveyards
TrustArc Webinar: Challenges & Risks Of Data GraveyardsTrustArc
 
Cybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionCybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionShawn Tuma
 
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018Next Dimension Inc.
 
Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11Symantec
 
Sit in a common area and observe. This may be in your office, a co.docx
Sit in a common area and observe. This may be in your office, a co.docxSit in a common area and observe. This may be in your office, a co.docx
Sit in a common area and observe. This may be in your office, a co.docxjennifer822
 
Security And Legal In The Cloud Ats V2
Security And Legal In The Cloud Ats V2Security And Legal In The Cloud Ats V2
Security And Legal In The Cloud Ats V2dbarton944
 
idBUSINESS Red Flag Rules For Dentists
idBUSINESS Red Flag Rules For DentistsidBUSINESS Red Flag Rules For Dentists
idBUSINESS Red Flag Rules For DentistsSteven Lane
 

Similar to Privacy and Your Business: Getting it Right - MaRS Best Practices (20)

Identity theft and data responsibilities
Identity theft and data responsibilitiesIdentity theft and data responsibilities
Identity theft and data responsibilities
 
Applied data analytics_v1_6.23
Applied data analytics_v1_6.23Applied data analytics_v1_6.23
Applied data analytics_v1_6.23
 
How to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer CareHow to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer Care
 
How to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer CareHow to Integrate Privacy into Your Customer Care
How to Integrate Privacy into Your Customer Care
 
Lect 08 computer security and privacy 2 4 q
Lect 08 computer security and privacy 2 4 qLect 08 computer security and privacy 2 4 q
Lect 08 computer security and privacy 2 4 q
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
 
Privacy - Principles, PrimeLife and Identity Mixer - Thomas Gross
Privacy - Principles, PrimeLife and Identity Mixer - Thomas GrossPrivacy - Principles, PrimeLife and Identity Mixer - Thomas Gross
Privacy - Principles, PrimeLife and Identity Mixer - Thomas Gross
 
Webinar: 12 Tips to Stay Safer Online - 2018-10-16
Webinar: 12 Tips to Stay Safer Online - 2018-10-16Webinar: 12 Tips to Stay Safer Online - 2018-10-16
Webinar: 12 Tips to Stay Safer Online - 2018-10-16
 
Bill Stankiewicz Copy Scope 2010 Npi Company
Bill Stankiewicz Copy Scope 2010 Npi CompanyBill Stankiewicz Copy Scope 2010 Npi Company
Bill Stankiewicz Copy Scope 2010 Npi Company
 
RSA 2010 Kevin Rowney
RSA 2010 Kevin RowneyRSA 2010 Kevin Rowney
RSA 2010 Kevin Rowney
 
Sec and ethics presentation
Sec and ethics presentationSec and ethics presentation
Sec and ethics presentation
 
MS810 Information Security and Ethics Assignment
MS810 Information Security and Ethics AssignmentMS810 Information Security and Ethics Assignment
MS810 Information Security and Ethics Assignment
 
A Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOsA Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOs
 
TrustArc Webinar: Challenges & Risks Of Data Graveyards
TrustArc Webinar: Challenges & Risks Of Data GraveyardsTrustArc Webinar: Challenges & Risks Of Data Graveyards
TrustArc Webinar: Challenges & Risks Of Data Graveyards
 
Cybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionCybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data Encryption
 
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
 
Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11
 
Sit in a common area and observe. This may be in your office, a co.docx
Sit in a common area and observe. This may be in your office, a co.docxSit in a common area and observe. This may be in your office, a co.docx
Sit in a common area and observe. This may be in your office, a co.docx
 
Security And Legal In The Cloud Ats V2
Security And Legal In The Cloud Ats V2Security And Legal In The Cloud Ats V2
Security And Legal In The Cloud Ats V2
 
idBUSINESS Red Flag Rules For Dentists
idBUSINESS Red Flag Rules For DentistsidBUSINESS Red Flag Rules For Dentists
idBUSINESS Red Flag Rules For Dentists
 

More from MaRS Discovery District

How to Pitch a VC - Entrepreneurship 101
How to Pitch a VC - Entrepreneurship 101How to Pitch a VC - Entrepreneurship 101
How to Pitch a VC - Entrepreneurship 101MaRS Discovery District
 
25 lessons learned - Entrepreneurship 101
25 lessons learned - Entrepreneurship 10125 lessons learned - Entrepreneurship 101
25 lessons learned - Entrepreneurship 101MaRS Discovery District
 
So you want to start a business? - Entrepreneurship 101
So you want to start a business? - Entrepreneurship 101So you want to start a business? - Entrepreneurship 101
So you want to start a business? - Entrepreneurship 101MaRS Discovery District
 
Lessons in Startup Leadership - Entrepreneurship 101
Lessons in Startup Leadership - Entrepreneurship 101Lessons in Startup Leadership - Entrepreneurship 101
Lessons in Startup Leadership - Entrepreneurship 101MaRS Discovery District
 
Startup finances: Forecasting, Modelling & Metrics
Startup finances: Forecasting, Modelling & MetricsStartup finances: Forecasting, Modelling & Metrics
Startup finances: Forecasting, Modelling & MetricsMaRS Discovery District
 
10+ Steps to Scaling Your Cheer Squad - Entrepreneurship 101
10+ Steps to Scaling Your Cheer Squad - Entrepreneurship 10110+ Steps to Scaling Your Cheer Squad - Entrepreneurship 101
10+ Steps to Scaling Your Cheer Squad - Entrepreneurship 101MaRS Discovery District
 
Scaling Your Startup - Entrepreneurship 101
Scaling Your Startup - Entrepreneurship 101Scaling Your Startup - Entrepreneurship 101
Scaling Your Startup - Entrepreneurship 101MaRS Discovery District
 
Scaling Outside Canada - Entrepreneurship 101
Scaling Outside Canada - Entrepreneurship 101Scaling Outside Canada - Entrepreneurship 101
Scaling Outside Canada - Entrepreneurship 101MaRS Discovery District
 
Partnership Negotiations - Entrepreneurship 101
Partnership Negotiations - Entrepreneurship 101Partnership Negotiations - Entrepreneurship 101
Partnership Negotiations - Entrepreneurship 101MaRS Discovery District
 
Art of the deal 101: Notes from the Trenches - Entrepreneurship 101
Art of the deal 101: Notes from the Trenches - Entrepreneurship 101Art of the deal 101: Notes from the Trenches - Entrepreneurship 101
Art of the deal 101: Notes from the Trenches - Entrepreneurship 101MaRS Discovery District
 
The Art & Science of Sales: Tips, Tricks & Tools - Entrepreneurship 101
The Art & Science of Sales: Tips, Tricks & Tools - Entrepreneurship 101The Art & Science of Sales: Tips, Tricks & Tools - Entrepreneurship 101
The Art & Science of Sales: Tips, Tricks & Tools - Entrepreneurship 101MaRS Discovery District
 
Sales Putting the Fun in Funnel - Entrepreneurship 101
Sales Putting the Fun in Funnel - Entrepreneurship 101Sales Putting the Fun in Funnel - Entrepreneurship 101
Sales Putting the Fun in Funnel - Entrepreneurship 101MaRS Discovery District
 

More from MaRS Discovery District (20)

How to Pitch a VC - Entrepreneurship 101
How to Pitch a VC - Entrepreneurship 101How to Pitch a VC - Entrepreneurship 101
How to Pitch a VC - Entrepreneurship 101
 
The Pitch - Entrepreneurship 101
The Pitch - Entrepreneurship 101The Pitch - Entrepreneurship 101
The Pitch - Entrepreneurship 101
 
25 lessons learned - Entrepreneurship 101
25 lessons learned - Entrepreneurship 10125 lessons learned - Entrepreneurship 101
25 lessons learned - Entrepreneurship 101
 
So you want to start a business? - Entrepreneurship 101
So you want to start a business? - Entrepreneurship 101So you want to start a business? - Entrepreneurship 101
So you want to start a business? - Entrepreneurship 101
 
Lessons in Startup Leadership - Entrepreneurship 101
Lessons in Startup Leadership - Entrepreneurship 101Lessons in Startup Leadership - Entrepreneurship 101
Lessons in Startup Leadership - Entrepreneurship 101
 
Why Should I Work for You? (The EVP)
Why Should I Work for You? (The EVP)Why Should I Work for You? (The EVP)
Why Should I Work for You? (The EVP)
 
A New Hiring Paradigm
A New Hiring ParadigmA New Hiring Paradigm
A New Hiring Paradigm
 
How to Find and Hire Top Talent
How to Find and Hire Top TalentHow to Find and Hire Top Talent
How to Find and Hire Top Talent
 
Startup finances: Forecasting, Modelling & Metrics
Startup finances: Forecasting, Modelling & MetricsStartup finances: Forecasting, Modelling & Metrics
Startup finances: Forecasting, Modelling & Metrics
 
Financial Modelling
Financial Modelling Financial Modelling
Financial Modelling
 
Forecasting Revenue
Forecasting RevenueForecasting Revenue
Forecasting Revenue
 
10+ Steps to Scaling Your Cheer Squad - Entrepreneurship 101
10+ Steps to Scaling Your Cheer Squad - Entrepreneurship 10110+ Steps to Scaling Your Cheer Squad - Entrepreneurship 101
10+ Steps to Scaling Your Cheer Squad - Entrepreneurship 101
 
Scaling Your Startup - Entrepreneurship 101
Scaling Your Startup - Entrepreneurship 101Scaling Your Startup - Entrepreneurship 101
Scaling Your Startup - Entrepreneurship 101
 
Scaling Outside Canada - Entrepreneurship 101
Scaling Outside Canada - Entrepreneurship 101Scaling Outside Canada - Entrepreneurship 101
Scaling Outside Canada - Entrepreneurship 101
 
Partnership Negotiations - Entrepreneurship 101
Partnership Negotiations - Entrepreneurship 101Partnership Negotiations - Entrepreneurship 101
Partnership Negotiations - Entrepreneurship 101
 
Licensing - Entrepreneurship 101
Licensing - Entrepreneurship 101Licensing - Entrepreneurship 101
Licensing - Entrepreneurship 101
 
Art of the deal 101: Notes from the Trenches - Entrepreneurship 101
Art of the deal 101: Notes from the Trenches - Entrepreneurship 101Art of the deal 101: Notes from the Trenches - Entrepreneurship 101
Art of the deal 101: Notes from the Trenches - Entrepreneurship 101
 
Social Selling - Entrepreneurship 101
Social Selling - Entrepreneurship 101Social Selling - Entrepreneurship 101
Social Selling - Entrepreneurship 101
 
The Art & Science of Sales: Tips, Tricks & Tools - Entrepreneurship 101
The Art & Science of Sales: Tips, Tricks & Tools - Entrepreneurship 101The Art & Science of Sales: Tips, Tricks & Tools - Entrepreneurship 101
The Art & Science of Sales: Tips, Tricks & Tools - Entrepreneurship 101
 
Sales Putting the Fun in Funnel - Entrepreneurship 101
Sales Putting the Fun in Funnel - Entrepreneurship 101Sales Putting the Fun in Funnel - Entrepreneurship 101
Sales Putting the Fun in Funnel - Entrepreneurship 101
 

Recently uploaded

(8264348440) 🔝 Call Girls In Keshav Puram 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Keshav Puram 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Keshav Puram 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Keshav Puram 🔝 Delhi NCRsoniya singh
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsApsara Of India
 
Non Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptxNon Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptxAbhayThakur200703
 
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCRsoniya singh
 
Banana Powder Manufacturing Plant Project Report 2024 Edition.pptx
Banana Powder Manufacturing Plant Project Report 2024 Edition.pptxBanana Powder Manufacturing Plant Project Report 2024 Edition.pptx
Banana Powder Manufacturing Plant Project Report 2024 Edition.pptxgeorgebrinton95
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...lizamodels9
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...lizamodels9
 
Call Girls In ⇛⇛Chhatarpur⇚⇚. Brings Offer Delhi Contact Us 8377877756
Call Girls In ⇛⇛Chhatarpur⇚⇚. Brings Offer Delhi Contact Us 8377877756Call Girls In ⇛⇛Chhatarpur⇚⇚. Brings Offer Delhi Contact Us 8377877756
Call Girls In ⇛⇛Chhatarpur⇚⇚. Brings Offer Delhi Contact Us 8377877756dollysharma2066
 
Marketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet CreationsMarketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet Creationsnakalysalcedo61
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailAriel592675
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppelCorporation
 
rishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfrishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfmuskan1121w
 
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts ServiceVip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Serviceankitnayak356677
 
Call Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any TimeCall Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any Timedelhimodelshub1
 
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...lizamodels9
 
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… AbridgedLean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… AbridgedKaiNexus
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.Aaiza Hassan
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurSuhani Kapoor
 

Recently uploaded (20)

(8264348440) 🔝 Call Girls In Keshav Puram 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Keshav Puram 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Keshav Puram 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Keshav Puram 🔝 Delhi NCR
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
 
Non Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptxNon Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptx
 
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
 
Banana Powder Manufacturing Plant Project Report 2024 Edition.pptx
Banana Powder Manufacturing Plant Project Report 2024 Edition.pptxBanana Powder Manufacturing Plant Project Report 2024 Edition.pptx
Banana Powder Manufacturing Plant Project Report 2024 Edition.pptx
 
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCREnjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 
Best Practices for Implementing an External Recruiting Partnership
Best Practices for Implementing an External Recruiting PartnershipBest Practices for Implementing an External Recruiting Partnership
Best Practices for Implementing an External Recruiting Partnership
 
Call Girls In ⇛⇛Chhatarpur⇚⇚. Brings Offer Delhi Contact Us 8377877756
Call Girls In ⇛⇛Chhatarpur⇚⇚. Brings Offer Delhi Contact Us 8377877756Call Girls In ⇛⇛Chhatarpur⇚⇚. Brings Offer Delhi Contact Us 8377877756
Call Girls In ⇛⇛Chhatarpur⇚⇚. Brings Offer Delhi Contact Us 8377877756
 
Marketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet CreationsMarketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet Creations
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detail
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
 
rishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfrishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdf
 
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts ServiceVip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
 
Call Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any TimeCall Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any Time
 
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
 
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… AbridgedLean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
 

Privacy and Your Business: Getting it Right - MaRS Best Practices

  • 1. Privacy and Your Business: Getting it Right   MaRS Best Practices March 5, 2013 Lorne MacDougall (Director PIPEDA, Toronto Office) Vance Lockton (Senior Regional Analyst)
  • 2.
  • 3. Presenta(on  Outline   1.  Introduc(ons   2.  10  Tips  for  Avoiding  a  Complaint  to  the  OPC   3.  OPC  Resources  and  Website   4.  Build  a  Privacy  Plan  for  Your  Business   5.  GeIng  Accountability  Right  with  a  Privacy   Management  Program   6.  The  Importance  of  Transparency   7.  Conclusions  and  Q&A   3  
  • 4. Why is privacy important? •  It s the law! •  Creates trust in your organization •  Can improve an organization s reputation •  Could save costs in the long-run •  Good privacy means good business
  • 5. The Consequences •  Increased risk of a privacy breach •  Increase in customer complaints •  Negative media attention •  Loss of reputation and trust •  Potential high costs to resolve breach •  Can unnecessarily increase day-to-day operational expenses
  • 6. Role of the Privacy Commissioner of Canada • Under PIPEDA and Privacy Act Investigate • Negotiates to find solution and makes recommendation Complaints • Ability to pursue court action if necessary Officer of • Brings privacy issues to the attention of parliament and Parliament provides advice Public • Promoting public awareness and understanding of Education privacy issues
  • 7. Except where provincial legislation is deemed substantially similar
  • 8. What is not covered? •  The collection, use or disclosure of personal information by federal, provincial or territorial government •  An employee's name, title, business address or telephone number •  An individual's collection, use or disclosure of personal information strictly for personal purposes •  An organization's collection, use or disclosure of personal information solely for journalistic, artistic or literary purposes
  • 9. The Toronto Office •  Stronger regional presence. •  Significant number of Canadian businesses have established headquarters in the GTA. •  More than half of respondent organizations for PIPEDA complaints are based in the GTA. •  PIPEDA investigation work on the ground. •  Help bring about better compliance with PIPEDA. 9  
  • 10. Privacy & Small Business Small businesses often don t have the money to hire privacy specialists or lawyers to help them figure out how to comply with Canada s privacy legislation, nor is it always necessary. Good privacy compliance doesn t have to be expensive or time-consuming. - Jennifer Stoddart, Commissioner
  • 11. Good  privacy  is  good  for  business.   11  
  • 12. The 10 Privacy Principles 1. Accountability 6. Accuracy 2. Identifying Purposes 7. Safeguards 3. Consent 8. Openness 4. Limiting Collection 9. Individual Access 5. Limiting Use, Disclosure 10. Challenging and Retention Compliance
  • 13. 10  Tips  for  Avoiding  Complaints  to  the  OPC   1   •  Post  contact  info  for  your   Privacy  Officer  on  your  website   6   • Driver’s  licenses  –  you  can  look,   but  don’t  record   2   •  Train  staff  about  privacy   7   • Be  up  front  about  collec(on  and   use  of  personal  informa(on   3   •  Take  responsibility  for   employee  ac(ons   8   • Tell  customers  about  video   surveillance   4   •  Limit  collec(on  of  personal   informa(on   9   • Protect  personal  informa(on   5   •  Make  SINs  op(onal   10   • Respond  to  access  requests   13  
  • 14. 10  Tips  for  Avoiding  Complaints  to  the  OPC   1   •  Post  contact  info  for  your   Privacy  Officer  on  your  website   6   • Driver’s  licenses  –  you  can  look,   but  don’t  record   2   •  Train  staff  about  privacy   7   • Be  up  front  about  collec(on  and   use  of  personal  informa(on   3   •  Take  responsibility  for   employee  ac(ons   8   • Tell  customers  about  video   surveillance   4   •  Limit  collec(on  of  personal   informa(on   9   • Protect  personal  informa(on   5   •  Make  SINs  op(onal   10   • Respond  to  access  requests   14  
  • 15. 10  Tips  for  Avoiding  Complaints  to  the  OPC   1   •  Post  contact  info  for  your   Privacy  Officer  on  your  website   6   • Driver’s  licenses  –  you  can  look,   but  don’t  record   2   •  Train  staff  about  privacy   7   • Be  up  front  about  collec(on  and   use  of  personal  informa(on   3   •  Take  responsibility  for   employee  ac(ons   8   • Tell  customers  about  video   surveillance   4   •  Limit  collec(on  of  personal   informa(on   9   • Protect  personal  informa(on   5   •  Make  SINs  op(onal   10   • Respond  to  access  requests   15  
  • 16. 10  Tips  for  Avoiding  Complaints  to  the  OPC   1   •  Post  contact  info  for  your   Privacy  Officer  on  your  website   6   • Driver’s  licenses  –  you  can  look,   but  don’t  record   2   •  Train  staff  about  privacy   7   • Be  up  front  about  collec(on  and   use  of  personal  informa(on   3   •  Take  responsibility  for   employee  ac(ons   8   • Tell  customers  about  video   surveillance   4   •  Limit  collec(on  of  personal   informa(on   9   • Protect  personal  informa(on   5   •  Make  SINs  op(onal   10   • Respond  to  access  requests   16  
  • 17. 10  Tips  for  Avoiding  Complaints  to  the  OPC   1   •  Post  contact  info  for  your   Privacy  Officer  on  your  website   6   • Driver’s  licenses  –  you  can  look,   but  don’t  record   2   •  Train  staff  about  privacy   7   • Be  up  front  about  collec(on  and   use  of  personal  informa(on   3   •  Take  responsibility  for   employee  ac(ons   8   • Tell  customers  about  video   surveillance   4   •  Limit  collec(on  of  personal   informa(on   9   • Protect  personal  informa(on   5   •  Make  SINs  op(onal   10   • Respond  to  access  requests   17  
  • 18. 10  Tips  for  Avoiding  Complaints  to  the  OPC   1   •  Post  contact  info  for  your   Privacy  Officer  on  your  website   6   • Driver’s  licenses  –  you  can  look,   but  don’t  record   2   •  Train  staff  about  privacy   7   • Be  up  front  about  collec(on  and   use  of  personal  informa(on   3   •  Take  responsibility  for   employee  ac(ons   8   • Tell  customers  about  video   surveillance   4   •  Limit  collec(on  of  personal   informa(on   9   • Protect  personal  informa(on   5   •  Make  SINs  op(onal   10   • Respond  to  access  requests   18  
  • 19. 10  Tips  for  Avoiding  Complaints  to  the  OPC   1   •  Post  contact  info  for  your   Privacy  Officer  on  your  website   6   • Driver’s  licenses  –  you  can  look,   but  don’t  record   2   •  Train  staff  about  privacy   7   • Be  up  front  about  collec(on  and   use  of  personal  informa(on   3   •  Take  responsibility  for   employee  ac(ons   8   • Tell  customers  about  video   surveillance   4   •  Limit  collec(on  of  personal   informa(on   9   • Protect  personal  informa(on   5   •  Make  SINs  op(onal   10   • Respond  to  access  requests   19  
  • 20. 10  Tips  for  Avoiding  Complaints  to  the  OPC   1   •  Post  contact  info  for  your   Privacy  Officer  on  your  website   6   • Driver’s  licenses  –  you  can  look,   but  don’t  record   2   •  Train  staff  about  privacy   7   • Be  up  front  about  collec(on  and   use  of  personal  informa(on   3   •  Take  responsibility  for   employee  ac(ons   8   • Tell  customers  about  video   surveillance   4   •  Limit  collec(on  of  personal   informa(on   9   • Protect  personal  informa(on   5   •  Make  SINs  op(onal   10   • Respond  to  access  requests   20  
  • 21. 10  Tips  for  Avoiding  Complaints  to  the  OPC   1   •  Post  contact  info  for  your   Privacy  Officer  on  your  website   6   • Driver’s  licenses  –  you  can  look,   but  don’t  record   2   •  Train  staff  about  privacy   7   • Be  up  front  about  collec(on  and   use  of  personal  informa(on   3   •  Take  responsibility  for   employee  ac(ons   8   • Tell  customers  about  video   surveillance   4   •  Limit  collec(on  of  personal   informa(on   9   • Protect  personal  informa(on   5   •  Make  SINs  op(onal   10   • Respond  to  access  requests   21  
  • 22. 10  Tips  for  Avoiding  Complaints  to  the  OPC   1   •  Post  contact  info  for  your   Privacy  Officer  on  your  website   6   • Driver’s  licenses  –  you  can  look,   but  don’t  record   2   •  Train  staff  about  privacy   7   • Be  up  front  about  collec(on  and   use  of  personal  informa(on   3   •  Take  responsibility  for   employee  ac(ons   8   • Tell  customers  about  video   surveillance   4   •  Limit  collec(on  of  personal   informa(on   9   • Protect  personal  informa(on   5   •  Make  SINs  op(onal   10   • Respond  to  access  requests   22  
  • 23. OPC  Resources  and  Website       www.priv.gc.ca     23  
  • 24. OPC  Resources  and  Website     Resources  -­‐>    Informa(on  for   Organiza(ons   24  
  • 25. OPC  Resources  and  Website     Resources  -­‐>    Informa(on  for   Organiza(ons   25  
  • 26. OPC  Resources  and  Website     Build  a  privacy  plan  for   your  business  –   The   privacy  tool  for  small   businesses   26  
  • 27. Build  a  Privacy  Plan  for  your  Business   • Who’s  on   Step  2   • Do  you  collect   Step  4   • Do  you  collect   Point?   • Do  you  collect   customer   • Do  you  collect   purchase   contact   demographics?     financial   informa(on?   informa(on?   informa(on?   Step  1   Step  3   Step  5   • Do  you  collect   Step  7   • Evaluate  your   Step  9   • Your  Privacy   opinions/ • Do  you  collect   collec(on  of   • Who  needs  to   Plan!   interests?   other   informa(on   see  the   informa(on?   collected   informa(on?   Step  6   Step  8   Step  10   27  
  • 28. Build  a  Privacy  Plan  for  your  Business   •  For  steps  2-­‐7,  select  from  a  list  of  op(ons:   –  Which  of  the  following  types  of  data  do  you   collect  from  your  customers?   –  Who  in  your  organiza(on  collects  this   informa(on?   –  Why  does  your  organiza(on  collect  this   informa(on?   28  
  • 29. Build  a  Privacy  Plan  for  your  Business   •  Select  from  a  list  of  op(ons  (cont d):   –  Who  in  your  organiza(on  uses  this  informa(on?   –  How  is  this  informa(on  stored?   –  Do  you  ever  share  this  informa(on  with  or  sell  it   to  third  par(es?   29  
  • 30. Build  a  Privacy  Plan  for  your  Business   •  This  process  generates:   –  An  informa(on  audit  of  your  business   –  Consent  provisions  required  specifically  for  your  business   –  A  security  plan  for  protec(ng  personal  informa(on  in  your   care   –  A  sample  privacy  brochure  for  your  customers   –  A  training  needs  assessment   30  
  • 31. Ge#ng  Accountability  Right  with  a   Privacy  Management  Program   31  
  • 32. What  do  we  mean  by   accountability ?   •  Principle  1  of  Schedule  1  of  PIPEDA  states:       An  organiza(on  is  responsible  for  personal   informa(on  under  its  control  and  shall   designate  an  individual  or  individuals  who  are   accountable  for  the  organiza(on s  compliance   with  the  following  principles…   32  
  • 33. GeIng  Accountability  Right:   Building  Blocks   •  Culture  of  privacy   •  Program  controls   •  Ongoing  assessment  and  review   33  
  • 35. Transparency   What  you  do:     An  organiza:on  shall  make  readily  available  to  individuals   specific  informa:on  about  its  policies  and  prac:ces  rela:ng  to   the  management  of  personal  informa:on.   Why  you  do  it:     Organiza:ons  shall  make  a  reasonable  effort  to  ensure  that   the  individual  is  advised  of  the  purposes  for  which  informa:on   will  be  used.   35  
  • 36. Transparency                       The  Challenges   36  
  • 37. Transparency                       The  Expecta(ons   37  
  • 38. Transparency                       The  Opportuni(es   38  
  • 39. We re  here  to  help!   39  
  • 40.     Ques(ons?   40