Privacy principles Individual written policies


Section 5 - Privacy
Privacy principles; Individual written policies

Privacy Act (1985)
The purpose of this Act is to extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution and that provide individuals with a right of access to that information.

Privacy and CF
CF Canada Financial will endeavor to respect and maintain the privacy and confidentiality of all personal information collected as part of the requirements of conducting our Insurance and Financial business. We will abide by the ten principles of privacy as quoted in the guidelines by the Office of the Privacy Commissioner. Further, we will follow our documented Complaint Handling Procedures to resolve any complaint, issue, and grievance. Where appropriate, if the complaint involves allegations of serious misconduct, breach of privacy or is a legal action, CF Canada Financial's Compliance Department will make senior management aware of the complaint. In all such cases, if the complaint involves (a) the business of one of CF's contracted Product Provider Companies or (b) the suitability of the contracted advisor, CF will notify the Provider Company Compliance Department about the complaint.
An organization is responsible for the protection of personal information and the fair handling of it at all times, throughout the organization and in dealings with third parties. Care in collecting, using and disclosing personal information is essential to continued consumer confidence and good will.

What is Personal Information?
(a) information relating to the race, national or ethnic origin, colour, religion, age or marital status of the individual,
(b) information relating to the education or the medical, criminal or employment history of the individual or information relating to financial transactions in which the individual has been involved,
(c) any identifying number, symbol or other particular assigned to the individual,
(d) the address, fingerprints or blood type of the individual,
(e) the personal opinions or views of the individual except where they are about another individual or about a proposal for a grant, an award or a prize to be made to another individual by a government institution or a part of a government institution specified in the regulations,
(f) correspondence sent to a government institution by the individual that is implicitly or explicitly of a private or confidential nature, and replies to such correspondence that would reveal the contents of the original correspondence,
(g) the views or opinions of another individual about the individual,
(h) the views or opinions of another individual about a proposal for a grant, an award or a prize to be made to the individual by an institution or a part of an institution referred to in paragraph (e), but excluding the name of the other individual where it appears with the views or opinions of the other individual, and
(i) the name of the individual where it appears with other personal information relating to the individual or where the disclosure of the name itself would reveal information about the individual.

The 10 Principles
1. Accountability
2. Identifying purposes
3. Consent
4. Limiting collection
5. Limiting use, disclosure, and retention
6. Accuracy
7. Safeguards
8. Openness
9. Individual access
10. Challenging compliance

Accountability (1): Be accountable
Your responsibilities:
- Comply with all 10 of the principles of Schedule 1.
- Appoint an individual (or individuals) to be responsible for your organization's compliance.
- Protect all personal information held by your organization or transferred to a third party for processing.
- Develop and implement personal information policies and practices.

Identifying Purpose (2): Your organization must identify the reasons for collecting personal information before or at the time of collection
Your responsibilities:
- Before or when any personal information is collected, identify why it is needed and how it will be used.
- Document why the information is collected.
- Inform the individual from whom the information is collected why it is needed.
- Identify any new purpose for the information and obtain the individual's consent before using it.

Consent (3): Obtain consent
Your responsibilities:
- Inform the individual in a meaningful way of the purposes for the collection, use or disclosure of personal data.
- Obtain the individual's consent before or at the time of collection, as well as when a new use is identified.

Limiting Collection (4): Limit collection
Your responsibilities:
- Do not collect personal information indiscriminately.
- Do not deceive or mislead individuals about the reasons for collecting personal information.

Limiting Use, Disclosure and Retention (5): Limit use, disclosure, and retention
Your responsibilities:
- Use or disclose personal information only for the purpose for which it was collected, unless the individual consents or the use or disclosure is authorized by the Act.
- Keep personal information only as long as necessary to satisfy the purposes.
- Put guidelines and procedures in place for retaining and destroying personal information.
- Keep personal information used to make a decision about a person for a reasonable time period. This should allow the person to obtain the information after the decision and pursue redress.
- Destroy, erase or render anonymous information that is no longer required for an identified purpose or a legal requirement.

Accuracy (6): Be accurate
Your responsibilities:
- Minimize the possibility of using incorrect information when making a decision about the individual or when disclosing information to third parties.

Safeguards (7): Use appropriate safeguards
Your responsibilities:
- Protect personal information against loss or theft.
- Safeguard the information from unauthorized access, disclosure, copying, use or modification.
- Protect personal information regardless of the format in which it is held.
- Encrypt electronic devices.
- Cloud usage discussion: CF Virtgate, Google, Microsoft, etc.

Openness (8): Be open
Your responsibilities:
- Inform customers, clients, and employees that you have policies and practices for the management of personal information.
- Make these policies and practices understandable and easily available.

Individual Access (9): Give individuals access
Your responsibilities:
- When requested, inform individuals if you have any personal information about them.
- Explain how it is or has been used and provide a list of any organizations to which it has been disclosed.
- Give individuals access to their information.
- Correct or amend any personal information if its accuracy and completeness are challenged and found to be deficient.
- Provide a copy of the information requested, or reasons for not providing access, subject to exceptions set out in Section 9 of the Act (see page 18).
- An organization should note any disagreement on file and advise third parties where appropriate.

Challenging Compliance (10): Provide recourse
Your responsibilities:
- Develop simple and easily accessible complaint procedures.
- Inform complainants of their avenues of recourse. These include your organization's complaint procedures, those of industry associations, regulatory bodies and the Office of the Privacy Commissioner of Canada.
- Investigate all complaints received.
- Take appropriate measures to correct information handling practices and policies.
- Create robust procedures to handle privacy breaches.

Requirement for Individual Written Policies
- Initial Paperwork
- Risk Assessment
- Training Attendance

Thank you! ANY QUESTIONS?

Section 6 – Privacy Breaches
What is a Privacy Breach?
- Improper or unauthorized collection, use, disclosure, retention or disposal of personal information.
- May occur within an institution or off-site, and may be the result of inadvertent errors or malicious acts by employees, third parties, partners in information-sharing agreements or intruders.

Section 6 – Privacy Breaches
Breach Containment
- Establish procedures and plans to address privacy breaches
- Sharing of lessons learned

Section 6 – Privacy Breaches
Preliminary Assessment
- Use forms to assist with the initial investigation
- Identify involved parties whose personal information has been wrongfully disclosed or accessed, or lost
- Notify Access to Information and Privacy (ATIP) and the Department Security Officer (DSO)

Section 6 – Privacy Breaches
Evaluate the Risks
- Intrusions into the data network system, with potential redirection to a malicious web site
- Use of unauthorized personal information leading to legal litigation and financial loss

Section 6 – Privacy Breaches
Notification
- Description of the incident, including date and time
- Source of the breach
- List of the personal information that has been or may have been compromised

Section 6 – Privacy Breaches
Prevention of Future Breaches
- Follow the requirements of the Policy on Government Security (PGS) issued by the Treasury Board of Canada Secretariat (TBS) and the Royal Canadian Mounted Police (RCMP)
- Conduct Privacy Impact Assessments (PIAs) and Threat and Risk Assessments (TRAs) in accordance with the Directive on Privacy Impact Assessment
- Regular ongoing training for employees, managers and executives

Thank You