Privacy & Personal Information Prepared by the CBC Law Department CONFIDENTIAL – FALL 2011.

Presentation transcript:

Agenda
1. Introduction & Icebreaker
2. Privacy Legislation
3. CBC’s Websites
4. Transfer to a Third Party
5. Transfer Outside of Canada
6. Retention & Destruction
7. Breaches
8. Conclusion
9. Round Table Discussion

Privacy Legislation
Privacy Act – Federal governments, departments & Crown Corporations
PIPEDA (Personal Information Protection & Electronic Documents Act) – Private-sector legislation
  – comparable provincial legislation (BC, AB, QC)
CBC is subject to the federal Privacy Act which governs the collection, use and disclosure of personal information

Privacy Act – Personal Information
Personal information is information about an identifiable individual recorded in any form:
  – Race, national or ethnic origin, colour, religion, age, marital status
  – Education, medical, criminal or employment history
  – Financial transaction
  – Identifying number, symbol, etc. assigned to a person
  – Address, fingerprints, blood type
  – Views/opinions of an individual
  – Correspondence to government institution / replies
  – Views/opinions of someone else about the individual
  – Name where it appears with personal information

Privacy Act - Collection, Use and Disclosure
Personal information may be collected only for a stated purpose “use” and may only be used for another purpose with consent
The information must be collected directly from the individual or from a third party with that person’s consent
Personal information may only be disclosed with consent, subject to some exceptions

Privacy Act Exclusions
Information gathered only for journalistic, artistic or literary purposes and for no other purpose is excluded from the Privacy Act because of the right to freedom of expression
If the personal information is being used for any purpose other than, or in addition to, journalistic, artistic or literary (e.g. marketing or research) it is subject to the Privacy Act

CBC’s Collection of Personal Information
Unless otherwise authorized by the Privacy Act
  – No personal information shall be collected by CBC/Radio-Canada unless it relates directly to an operating program or activity of CBC/Radio-Canada
  – CBC/Radio-Canada shall, wherever possible, collect personal information that is intended to be used for an administrative purpose directly from the individual to whom it relates except where the individual authorizes otherwise
  – CBC/Radio-Canada shall inform any individual from whom it collects personal information of the purpose for which the information is being collected

CBC Website Visitors
Individuals who register with the CBC Member Centre or simply visit CBC’s websites must know:
  – how their personal information will be used
  – to whom it will be disclosed
Under the CBC.ca Terms of Use:
IF YOU ARE DISSATISFIED WITH THE TERMS, CONDITIONS, RULES, POLICIES, GUIDELINES OR PRACTICES OF THE CBC/R OPERATING WEB SITE, YOUR SOLE AND EXCLUSIVE REMEDY IS TO DISCONTINUE USING IT.

Personal Information – Third Party Transfer
CBC may transfer information to a third party, acting as its agent, for the original purpose without further consent but CBC remains responsible for the treatment of that information
This risk should be covered by obligations in CBC’s contract with the third party – if not on CBC’s GSA, then evaluated with the Law Department and custom language provided
CBC must ensure the personal information is treated in accordance with CBC’s Privacy Policy or applicable legislation

Transferring Outside of Canada
Personal information can be transferred outside of Canada as long as the “purpose” is the same
CBC cannot override the laws of a foreign jurisdiction
CBC must inform users when they log on that their personal information may be stored outside of Canada where it will be subject to foreign laws and may be accessed by the courts, law enforcement and national security authorities

Other Jurisdictions - Europe
All western European countries have privacy legislation similar to or stricter than Canada’s
If CBC’s service provider is in Europe, CBC only needs to ensure that the service provider will comply with its privacy legislation

U.S.
The U.S. poses the major problem because it has no strong privacy legislation
Information stored on U.S. servers is subject to the U.S. Patriot Act which permits authorities to enter premises without a warrant and gather personal information
When information is sensitive, some companies have insisted, even when dealing with a U.S. branch plant, that the personal information gathered be kept on a Canadian server

Safe Harbor Framework
Because the EU threatened to prevent the transfer of personal information to the U.S., the U.S. created a voluntary Safe Harbor Framework
Companies join the Safe Harbor List by committing to significant personal information protection contained in the framework.
If a company is on this list, CBC may rely on this as sufficient privacy protection in a contract, but the fact that the company adheres to the framework needs to be set out in the contract
SafeHarbor List is at

Breaches/Decisions
Third Party Breach – Call CBC Privacy Officer who will conduct an audit and advise on next steps
Internal CBC Breach – Call CBC Privacy Officer
Hot topics in the news: Sony, TJ Maxx, Facebook, BC Health

Retention/Destruction
Retention
  – Personal information that has been used by CBC/Radio-Canada for an administrative purpose shall be retained for such period of time after it is so used as may be prescribed by regulation in order to ensure that the individual to whom it relates has a reasonable opportunity to obtain access to the information
Destruction
  – CBC/Radio-Canada shall dispose of personal information under its control in accordance with the regulations and with any directives or guidelines issued by the designated minister in relation to the disposal of that information and with its corporate retention schedule.
Use and Disclosure of Personal Information

Inspection
The Privacy Act allows any individual to inquire about their personal information that is in the possession of CBC, and to require that it be corrected if need be.
As a result, it is imperative that any person or entity that collects personal information properly maintain the records in a way that is easily managed, and purge the records as soon as they are no longer required.

Conclusion – Practical Tips
USER – Tell user for what purpose the personal information will be used and that it may be transferred outside Canada and accessed by governmental authorities if that is the case
SUPPLIER – If CBC uses a third party, their contract must cover their responsibility to conform with CBC’s Personal Information & Privacy Protection Policy or other applicable privacy legislation (also confirm the company’s policy); if outside of Canada consult Law Department
BREACH – If there is a breach, contact the CBC Privacy Officer immediately