
Privacy and Personal Information

WHAT YOU WILL LEARN:
– What personal information is.
– General guidelines for the collection of personal information.
– Your responsibilities with respect to the protection and management of personal information.
– Which major legislation and policies directly relate to privacy and personal information.

Personal information is… Information about an identifiable individual that is recorded in any form

EXAMPLES OF PERSONAL INFORMATION:
– Home address
– Home telephone number
– Age, date of birth, gender
– Blood type
– Ethnicity, nation of origin, colour of skin
– Religious beliefs
– Health care/medical history
– Opinions about a person from others
– Marital status
– Identifying numbers (SIN, PRI)
– Credit card numbers
– Criminal records, fingerprints
– Curriculum vitae
– Educational history
– Financial history
– Employment information
– Exact salary

DATA ABOUT FEDERAL EMPLOYEES NOT CONSIDERED PERSONAL:
– Address at work
– Classification of job position
– Work-related correspondence
– Details of employment contract
– Fact that a person is or was employed by the government
– Name on government contract
– Opinion about job
– Responsibilities of job
– Salary range
– Telephone number at work (including business cell phone number)
– Fax number at work
– Job title
– Security level of position

Responsibility
GoC employees are expected to be aware of and to follow applicable guidelines for the collection of personal information.

GUIDELINES: COLLECTION OF PERSONAL INFORMATION
– Any collection of personal information must be done in consultation with your department’s Access To Information and Privacy (ATIP) office.
– No personal information shall be collected unless it relates directly to an operating program or activity of the institution.

GUIDELINES: COLLECTION OF PERSONAL INFORMATION
If you are:
– designing a new program or service;
– making significant changes to an existing program or service; or
– converting from a conventional to an electronic service-delivery method,
you should speak to your department’s ATIP office to determine if you must perform a Privacy Impact Assessment (PIA) according to the Treasury Board Secretariat and OIC Privacy Impact Assessment policies.

DISCLOSURE IS VERY IMPORTANT
It is vital that the following is disclosed to the owners of the personal information:
– Why this personal information is being collected;
– How this information may be used and, if the information is shared, with whom;
– How and for how long this information will be held and then disposed of.

GUIDELINES: COLLECTION OF PERSONAL INFORMATION
The personal information your department collects, uses and discloses must also be registered with the Treasury Board Secretariat in a Personal Information Bank (PIB) through your department’s ATIP office. A PIB is a summary of the type of personal information the department or agency holds that is subject to the Privacy Act. Again, your department’s ATIP office can provide advice on when a PIB is appropriate and the best methods of communicating with information owners.

Responsibility
GoC employees have a duty to protect and manage personal information about individuals.

PROTECTION OF PERSONAL INFORMATION
– Personal information will typically fall under the security classification of Protected A.
– Personal information can only be disclosed to the person concerned by the information or to those federal employees who need the information to do their job (those who have a “need to know”).
– Please see the Information Security Module for more detail on the storage and management of Protected A materials.

MANAGEMENT OF PERSONAL INFORMATION:
– Personal information is sensitive and should be stored and managed accordingly.
– Personal information should not be collected until it is ready to be used.
– Personal information should not continue to be stored when it is no longer being used.
– Personal information should be disposed of two years after all administrative actions are complete.

LEGISLATION AND POLICIES
The major acts and policies that relate to privacy and personal information are:
– The Privacy Act
– The Access to Information Act
– Personal Information Protection and Electronic Documents Act
– Privacy Impact Assessment (PIA) Policy

ACCESS TO INFORMATION ACT
The Access to Information Act gives Canadian citizens the right to access information in federal government records. This is in keeping with the principles that government information should be available to the public and that exceptions to this should be limited and specific.

PRIVACY ACT
The Privacy Act protects the privacy of individuals by controlling personal information collected, used, retained or disposed of by federal government institutions. The Act also provides Canadian citizens and other individuals present in Canada with the right to access personal information about themselves held by a government institution.

PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT
The Personal Information Protection and Electronic Documents Act establishes rules to govern the collection, use and disclosure of personal information by all federally regulated private sector organizations in the course of commercial activity. The Act also provides for the use of electronic alternatives to record or communicate information or transactions, describes the characteristics of secure electronic signatures and the conditions under which electronic signatures can be used to authenticate business transactions and to provide evidence in legal proceedings.

PRIVACY IMPACT ASSESSMENT (PIA) POLICY
A Privacy Impact Assessment (PIA) is the process used to determine whether a program complies with the Privacy Act when you consider implementing new technologies, information systems, initiatives or policies. The recommendations resulting from a PIA will be used to mitigate any risks.

IN SUMMARY:
– Personal information is information about an identifiable individual that is recorded in any form.
– You should collect personal information only if you need it, have the authority to do so and are following appropriate guidelines.
– You must use a process for the storage and management of personal information that enables both access to and protection of the information.
– You must ensure that personal information is correct and you should practice “just in time” collection of personal information.

CONGRATULATIONS!
You have just completed Privacy and Personal Information – an IM self-study module. You may now:
– Test your knowledge with the following quiz.
– Review other IM self-study modules in this series:
   – Information Management 101
   – Managing Effectively
   – Information Security
   – Records Management and You!
   – IM and the Departing Employee
   – Understanding IM Within the Federal Government