Public Sector Case Studies: THE ESTABLISHMENT OF A PRIVACY OFFICE.

Slides:

Advertisements

Similar presentations

The Canadian Occupational Health and Safety System

Advertisements

Facilitated by: Pobal Training Initiative.  Using the “Managing Better” Toolkit  Principles of Good Governance  Key Responsibilities of the Company.

Managing Risk: A Framework and Reporting Cycle 2014.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

Board Recruitment Information Let’s get to work. Private, non-profit organization Volunteer Board of Directors Oversee workforce initiatives Partner with.

Addressing Fetal Alcohol Spectrum Disorder (FASD) in New Brunswick Stacy Taylor Department of Health January 24, 2012.

© 2003 IBM Corporation Privacy 12 th CACR Workshop Yim Y. Chan Chief Privacy Officer & CIO IBM Canada Ltd. w3.ibm.com/Privacy.

Contractor Assurance Discussion Forrestal Building Washington, D.C. December 14, 2011.

Privacy in Ontario Brian Beamish Office of the Information and Privacy Commissioner/Ontario Presentation to Security Canada Central 2002 International.

Code of Conduct for Mobile Money Providers 6 November 2014 All material © GSMA The policy advocacy and regulatory work of the GSMA Mobile Money team.

The Value in Conducting a Privacy Impact Assessment

Workplace Safety and Health Program

Purpose of the Standards

CHDCCS Business Service Center, Information Technology and Financial Planning Employee Safety Training March 29, 2002.

Chapter 7 – Major Planning Decisions Throughout the Life of a Small Business VCE Year 11 Business Management Unit 1 Learning Outcome 2 VCE Business Management.

Disability Management Definition: “…the process of preventing and managing absence from work. Operationally, it is an active process directed towards promoting.

Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.

1 CHCOHS312A Follow safety procedures for direct care work.

Key changes and transition process

Key changes from OHSAS 18001:1999

Corporate Social Responsibility- do we need a Statutory Instrument? Presented to the Zambia Alternative Mining Indaba conference- July 17, 2013 Sombo Chunda,

1 Privacy Impact Assessment ARMA Workshop April 5, 2006 Alec Campbell.

Safety in the Workplace

Occupational Health & Safety

Healthy Workplace Initiative A New Way of Doing Business.

Basics of OHSAS Occupational Health & Safety Management System

BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

2 ND EDITION ROD JONES Copyright © Pearson Australia (a division of Pearson Australia Group Pty Ltd) 2010 PowerPoint presentation to accompany.

Irene Khan – Secretary General Building effective and responsive INGOs, the strategic role of HR: The IS Job Value Review 8 February 2008.

World Bank Institute Regional Workshop for Anglophone Africa on Auditing and Financial Accountability Addis Ababa KEY ISSUES IN CREATING AN EFFECTIVE INTERNAL.

General Principles for the Procurement of Goods and Services Asst. Prof. Muhammad Abu Sadah.

PORTFOLIO COMMITTEE 20 OCTOBER 2004 MANAGEMENT OF HIV and AIDS IN THE PUBLIC SERVICE.

CHD MERIDIAN HEALTHCARE Your Health & Productivity Solution Robert Land Chief Information Officer Robert Land Chief Information Officer.

Privacy Project Framework & Structure HIPAA Summit Brent Saunders

Name Position Organisation Date. What is data integration? Dataset A Dataset B Integrated dataset Education data + EMPLOYMENT data = understanding education.

FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.

PIPEDA and Receivables Management Robin Gould-Soil Receivables Management Association of Canada November 16, 2011.

Welcome Return to work: part of good occupational health and safety HCHSA Toronto, Ontario February 21, 2005.

1 GAEP Study Tour An Overview of the Ombudsman for Workplace Safety May 16, 2007.

WEC MADRID 18 TH MARCH 2004 ASTRAZENECA’S APPROACH TO SUPPLIER RISK MANAGEMENT.

Worker Focused Safety Program Violence in the Workplace Worker Training Module 2.

Chris Strangwood Frances Fairclough North Tyneside Single Assessment Process Information and Development Events Menzies Hotel, North Shields April - May.

Role of Montana State Fund. Montana State Fund is committed to the health and economic prosperity of Montana through superior service, leadership and.

Health and Safety Everyone’s responsibility

1 Planning and Programming for Effective Use of External Audit Resources Victor Rezendes Managing Director Strategic Issues U.S. General Accounting Office.

Fred Carter Senior Policy & Technology Advisor Information and Privacy Commissioner Ontario, Canada MISA Ontario Cloud Computing Transformation Workshop.

Organizing a Privacy Program: Administrative Infrastructure and Reporting Relationships Presented by: Samuel P. Jenkins, Director Defense Privacy Office.

Presentation to the Local Authorities Revenue Management Association – October 2012 The role of the Office of the Information Commissioner.

Information Sharing & Corporate Governance Dave Parsons, Information Governance Manager, City of Cardiff Council.

Governance, Risk and Ethics. 2 Section A: Governance and responsibility Section B: Internal control and review Section C: Identifying and assessing risk.

Privacy and Personal Information. WHAT YOU WILL LEARN: What personal information is. General guidelines for the collection of personal information. Your.

OHSAS Occupational health and safety management system.

Budget Study Sessions -Sound Fiscal Management that Facilitates Meeting the Needs of the Community -A High Performing Workforce that is Committed.

Sharing Personal Information Programme Wales Accord on the Sharing of Personal Information (WASPI) for organisations involved in the protection, safety,

Budget Study Sessions Strategic Support Proposed Operating Budget OUTCOMES: - A High Performing Workforce that is Committed to Exceeding.

Introducing the Continuous Learning Framework Scottish Social Services Council.

Incorporating Privacy Into Systems Development Methodology Phil Moleski Director Corporate Information Technology Branch Saskatchewan Health

Understanding Privacy An Overview of our Responsibilities.

Data Protection Officer’s Overview of the GDPR

Role of the Ministry of Labour Inspectors

Privacy Education Session CMHA-WECB/CCHC Volunteers/Students

IIASA Governance Review

GDPR - New Data Protection Regulation

Privacy Project Framework & Structure

Employee Privacy and Privacy of Employee Information

OHS–Occupational Health & Safety

Gem Complete Health Services

ISO 45001:2018 The importance of a Safety Management System

Presentation transcript:

Public Sector Case Studies: THE ESTABLISHMENT OF A PRIVACY OFFICE

2AGENDA WSIB) uIntroduction to the ONTARIO WORKPLACE SAFETY & INSURANCE BOARD (WSIB) WSIB PRIVACY OFFICE uEvolution of the WSIB PRIVACY OFFICE PRIVACY INFRASTRUCTURE uBuilding a corporate PRIVACY INFRASTRUCTURE

3 The Workplace Safety and Insurance Board An Overview uThe Workplace Safety and Insurance Board (WSIB) began as the Workmen's Compensation Board in 1915 through an Act of the Ontario Legislature uThe system of no-fault collective liability provides fair compensation for injured workers and their families, while spreading individual costs among employers uToday, the WSIB administers some 340,000 claims with a staff of 4,293 located throughout Ontario u A total of 201,272 Ontario employers are covered by the WSIB

4 ENABLING LEGISLATION uWORKPLACE SAFETY and INSURANCE ACT (WSIA) –Provides for legislative authority for the collection, use, retention and disclosure of information uFREEDOM OF INFORMATION and PROTECTION OF PRIVACY ACT (FIPPA) –Provides the right of access to information under the control of institutions –Protects the privacy of individuals with respect to personal information about themselves held by institutions and provides individuals with a right of access to that information

5 CHANGE DRIVERS uWCB  WSIB (1998) THE ELIMINATION OF ALL WORKPLACE INJURIES and ILLNESSES –VISION: THE ELIMINATION OF ALL WORKPLACE INJURIES and ILLNESSES – WISB now oversees Ontario’s system of workplace safety education and training –Greater support of research efforts in the study of occupational disease and workplace safety –Emphasis on early and safe return to work uNew technologies implemented uIncreased outsourcing of business processes

6 Health Professionals Pharmacies Alternate Service Providers Employers APPLICATION SYSTEMS, TELEPHONE FAX, MAIL, , INTERNET Hospitals Researchers Safe Workplace Associations (SWAS) LMR Service Providers WSIB Employees Working Outside the Office WSIB Contracted Specialty Clinics

7 uJanuary 1, 2002 Program Privacy Group –Developed the capacity to implement Privacy Impact Assessments –Completed PIAs for key strategic projects –Educated project teams through privacy presentations PRIVACY –BUILT PRIVACY AWARENESS WITH SENIOR MANAGEMENT PRIVACY MAKING THE CASE FOR A PRIVACY OFFICE

8 PRIVACY COMPLIANCE DASHBOARD VIEW OF PRIVACY COMPLIANCE

9 ACCOUNTABILITY *Source: Information and Privacy Commissioner/Ontario (IPC)- Privacy Diagnostic Tool

10 PRIVACY PRIVACY IS ON THE CORPORATE MAP WSIB PRIVACY OFFICE uJuly 1, 2002 WSIB PRIVACY OFFICE –Legal Services Division –Integrated FOI Program –Full service ACCESS and PRIVACY OFFICE –Multidisciplined team FOI Co-ordinator, business specialists, security architect, project management experience

11 TEAMWORK “NEVER DOUBT THAT A SMALL GROUP OF THOUGHTFUL, COMMITTED PEOPLE CAN CHANGE THE WORLD. INDEED, IT IS THE ONLY THING THAT EVER HAS”.

12 PRIVACY OFFICE RELATIONSHIPS LEGAL SERVICES SECURITY ARCHITECTURE BUSINESS CONTRACTED SERVICE PROVIDERS PRIVACYOFFICE RESEARCHERS

13 PRIVACY CORPORATE PRIVACY FRAMEWORK FOI PROGRAM Governance Risk Assessments & Risk Mgmt Education & Awareness

14 PRIVACY WSIB PRIVACY DESIGN PRINCIPLES uCompliance with the Privacy Design Principles is mandatory (FIPPA) for all project staff and consultants uPurpose:  Help staff and consultants doing projects understand and meet the WSIB’s privacy obligations with respect to the design and implementation of any type of WSIB project  Enhance WSIB privacy compliance by ensuring legislated privacy requirements are met from project concept to business integration upon completion of the project.

15 PRIVACY Concept Applying the PRIVACY Concept to a Project: uWSIB Project & Program Privacy Design Principles uProject Initiation –Terms of Reference Initial Privacy Security Screening Assessent 1st step in identifying privacy requirements –Business Case

16 PRIVACY PRIVACY Review Process Initial Privacy Screening Assessment: uA questionnaire to determine if there are possible privacy implications,requiring a more detailed privacy review of the project  To be completed at the conceptual phase of a project. »Is there personal information (as defined by FIPPA) collected, used, disclosed and retained? »Who collects it? »How is it Collected? »Where does it go? (ie. Does it cross Ontario/Canadian borders? »How is it transmitted to external parties? ( ,fax) »Will the data be retained? If so, for how long? »Who will have access to the information? »What is the legislative authority for the collection, use and disclosure of personal information?

17 PRIVACY PRIVACY Impact Assessments uWhat is a PIA? A PIA is a process that measures both legislative compliance (I.e. FIPPA, WSIA) and considers the broader privacy implications of a given proposal. uPurpose The function of a PIA is to ensure that privacy risks associated with a given proposal are properly identified and addressed wherever possible, and that decision makers have been informed of these risks and the options available to mitigate them.

18 The PIA The PIA in the PROJECT LIFE CYCLE uCONCEPT and PLANNING –Project Definition Initial PIA –Conceptual Design Privacy & Security Requirements uDETAILED DESIGN & IMPLEMENTATION Interim PIAs uPOST IMPLEMENTATION Final PIA

19 The PIA The PIA in the PROJECT LIFE CYCLE The Privacy Impact Assessment Process provides for:  More detailed definition of privacy requirements  Integration of privacy requirements into project  Assurance reporting to project and business management

20 PRIVACY POSITIONING & COMMUNICATION PRIVACY PRIVACY IS NOT JUST ABOUT COMPLYING WITH LEGISLATION PRIVACY PRIVACY IS ABOUT: uBUILDING TRUSTED RELATIONSHIPS uGOOD BUSINESS PRACTICE

21

22

23 QUESTIONS/COMMENTS?

24 SPEAKER CONTACT INFORMATION Laurisa Tkachenko Director, Privacy Office Workplace Safety & Insurance Board 200 Front Street West, 20th floor Tel: (416)