Greater Toronto Hockey League The Implementation of PIPEDA and Amateur Sports – A Case Study.


PIPEDA
- Personal Information Protection and Electronic Documents Act
- Applies to the collection, use, disclosure and security of personal information in the course of commercial activities
- Personal information is any information about an identifiable individual

PIPEDA
- Requires consent for collection, use and disclosure of personal information
- Consent can be Implied versus Expressed
- Opt in v. Opt Out
- The distinction between an obvious purpose and a secondary purpose

What is needed by organizations
- Chief Privacy Officer
- Process to inventory/classify existing personal information
- Effective Policies and Practices
- Staff Training and Awareness on Privacy
- Retain consent provided on file
- Continuous process to keep information up to date/accurate
- Physical security safeguards over personal information
- Strong IT security and configuration (who can see or use)
- Process to communicate Privacy policies and practices
- Process to respond to Access requests/corrections/complaints
- Complaints review process – initiate changes to policies and practices
- Compliance/Monitoring process – internal or external

GTHL – A Case Study – What We Did
- GTHL Privacy Policy
- Grass Roots Up Development
- Consistent Policy – GTHL – OHF – Hockey Canada
- Written so that GTHL Clubs/Associations can use in an easily adaptable form

Chief Privacy Officer
- GTHL Executive Director and President
- Jointly accountable to the Board of Directors for compliance
- Responsible for the GTHL’s compliance with PIPEDA privacy principles
- Responsible for responding to access requests
- Responsible for ensuring the GTHL is accountable for all personal information in its possession

Inventory/Classify
- Inventoried existing hard copy data
- Inventoried electronic information
- Classified what was needed
- Classified purpose of collection
- Archived and destroyed data that was not needed

Policies/Practices
- Established GTHL Policy
- Ensured Policies and Practices reflected both the legislation and GTHL Policy

Training
- “Internal procedures and employee education is as important as what the privacy policy says”
- Trained Staff
- Trained Volunteers
- Informed GTHL Clubs and Membership

Consent
- Reviewed and revised all forms of personal information collection
  - Player Cards
  - Club Executive Forms
  - Tournament Forms
- Statement of rationale for collection
- Consent to distribute
- Electronic tracking of consent

Accurate Data
- Established Process for the keeping of accurate data
- Re-Registration
- Application process for review
- Application process for update

Physical Security
- IT Security Provisions were implemented including On-Line Registration and On-Line Financial Transactions
- Necessary Server Protection
- “Locked” Security Room was constructed to protect documents
- Practices of transferring data were reviewed (i.e. couriers, etc.)

IT Security
- Password Protection
- E-Commerce Review to ensure compliance
- Tiered Access to Information

Communication
- Web-site publication of policy
- Other GTHL documents to participants

Processes
- Access Requests
- Corrections
- Complaints
- Review

Questions?