1 Session 7 - Privacy

2 Personal Information Protection and Electronic Documents Act Governs the collection, use and disclosure of personal information in a manner that balances the right of privacy of all individuals Requires each organization to designate a responsible officer

3 Personal Information Information about a person that originates from the person, e.g., social insurance number given to an employer, age. Does not include business information generated for a person, e.g., salary within the employer’s possession or grade within the school’s possession.

4 PIPEDA Principles Accountability – needs a chief privacy officer Identifying purpose Consent Limiting collection

5 PIPEDA Principles Limiting use, retention and disclosure. Accuracy Safeguards Openness

6 PIPEDA Principles Individual access Challenge

7 Technology Impact on Privacy Increasing technology power enables organizations to hold and analyze more data thereby potentially violating privacy legislation. Increasing tracking devices like radio frequency ID’s may violate privacy.

8 Addressing Technology Impact on Privacy Reviewing data stores to assess whether the amount and length of personal information retention is excessive. Reviewing data mining applications for privacy violations. Restricting tracking devices to be used within the organization.

9 But information about individuals acting in their business or professional capacity is NOT personal information (e.g. your name, position and records about routine work matters do not usually constitute your personal information)

10 To collect Personal Information, organizations must: Have legal authority to collect Collect directly from an individual Provide notice of collection

11 Collection of Personal Information must be directly from the person. Unless one of the following exemptions applies: Individual consents to indirect collection The information collected for determining suitability for an honour or award Information collected for law enforcement Indirect collection authorized by statute Limited other circumstances

12 Notice of Collection A notice to the individual whose Personal Information is being collected. A Notice of Collection must include: legal authority for the collection principal purpose(s) for which their personal information is intended to be used title, business address telephone of a public official for questions Remember….when drafting notice…. consider possible future uses & disclosures build in consistent purposes

13 Consistent Purpose Relates to use and disclosure of personal information Consistent purpose: The individual might reasonably have expected the use or disclosure at the time that the information was collected –Consistent purpose depends on the collection notice and what (reasonable) expectations it creates.

14 Personal Information can be used: with consent for original or consistent purposes for other limited purposes

15 Personal Information may only be disclosed in accordance with an Freedom of Information (FOI) request with consent for original or consistent purpose on a need to know, by officers or employees in the course of their duties in compliance with legislation or an agreement to other law enforcement agencies to aid investigation (I.e. a law enforcement proceeding) under compelling circumstances such as health/safety in compassionate circumstances by member of legislative assembly...others

16 We must… Maintain Personal Information for at least a year after last use, unless the individual consents to earlier disposal Take reasonable steps to not use PI unless it is accurate and up to date Dispose of PI according to regulation

17 Privacy is the requirement….Security enables Privacy Security covers data protection, integrity, confidentiality, availability and identity authentication; security safeguards that prevent unauthorized access to personal information – lock and key issues Privacy involves the individual’s ability, within reasonable limits, to control his/her own information and how it will be used – legal rights issues

18 The Levels of Sensitivity 1.HIGH 2.MEDIUM 3.LOW

19 Determining Sensitivity Level The level of sensitivity of information is based on: –the level of the business requirements for confidentiality, integrity and availability of the information AS A CONSIDERATION OF –the harm and injury that may be caused by the unauthorized access or release of the information The sensitivity level determines the appropriate safeguards required to protect the information.

20 Requirement for Confidentiality, Integrity and Availability Confidentiality is required when… Information must be protected from unauthorized disclosure – consider consequences of unauthorized disclosure –e.g. business losses, embarrassment to government, or personal damage Integrity is required when…. Information must be protected from unauthorized alteration or destruction whether accidental or deliberate – consider severity of the damage due to faulty information –e.g. consequences could be anything from financial damages to loss of life Availability is required when…. Information must be available when required – consider impact of service disruption – e.g. to business criticality or customer confidence – lost productivity or revenue

21 How to Classify Information High Sensitivity Classification Extremely sensitive information Intended for use by named individuals or positions only Restricted to specific employees only Information that if disclosed without authorization, –Could reasonably be expected to cause extremely serious personal or enterprise injury, significant financial loss (100’s K and up), loss of life or public safety, social hardship and major political or economic impact Examples: – All personal information – Witness Protection records, Young Offender Records, – Cabinet documents, deliberations and supporting documents – Identity documents e.g., birth, death, adoption, OHIP, Drivers – Personal medical records –Documents that could aid a terrorist attack

22 How to Classify Information Medium Sensitivity Classification Information sensitive within the OPS intended for use by specified groups of employees – Restricted to specific groups of employees only. –Could reasonably be expected to cause serious personal or enterprise injury, loss of competitive advantage, loss of confidence in the government program, moderate financial loss (10’s K$ and up) damage to partnerships, relationships and reputation Examples: – personal case files e.g., employee or citizen files – third party business information – legal or policy advice – industrial trade secrets

23 How to Classify Information Low Sensitivity Classification Information generally available to employees and approved non- employees (e.g. consultant or vendor) –Could reasonably be expected to cause injury to persons or enterprises that would result in minor financial loss, embarrassment and/or inconvenience. Examples: – ordinary staff meeting agendas and minutes – communications to claims clerks – simple escalation procedures Low sensitivity information does not require any labelling or ADDITIONAL safeguards.

24 Unclassified Information (a.k.a. everything else) Information that does not fall into any of the three sensitivity levels is considered “Unclassified” Unclassified information will not result in any injury to individuals, governments or to private sector institutions. Unclassified information does not require any labelling or ADDITIONAL safeguards. Examples: – speeches that have been delivered – public forms and applications – news releases – information posted on the government Internet website

25 Classifying the information Only the Owner may classify their information or change the classification of their information. The Owner may delegate classification responsibilities.

26 Safeguards Safeguards can be physical, technical and/or administrative. Safeguards must be considered when sensitive information is being created, accessed, stored, transmitted, distributed and destroyed. The primary safeguard for sensitive information is labelling.

27 Labelling Options Once the information has been classified it has to be labelled. There are many easy to use options available to you for labeling your information, such as: Setting a header format Creating a macro Applying a watermark Using an ink stamp Printing self-adhesive labels. Please refer to examples in your manual AND THE BEST PRACTICES DOCUMENT ON THE SECURITY WEBSITE.

28 Labelling High & Medium Sensitivity Information All high and medium sensitivity information must be labelled low sensitivity and unclassified information do not require labelling or any additional safeguards Steps for Labelling 1.Ensure you are the owner of the information – if not contact the owner immediately for further instructions. 2.Label all pages 3.Label clearly 4.For high sensitivity information, label all notes, drafts and photocopies 5.Put label in top right corner or center of page (not over existing printing) 6.Label all forms of information media (e.g. diskettes, CD’s, microfiche/microfilm, tapes, videos and paper documents)

29 Distributing High & Medium Sensitivity Information Only the owner or a delegate may copy or distribute sensitive information Distribute to named individuals or positions only Number copies to control how many are distributed Maintain a distribution list Mark each page “not to be copied or distributed without written consent of the Owner” Inform receiver information is not for distribution High Sensitivity Transmit encrypted and digitally signed.

30 Faxing Sensitive Information Medium sensitivity Use a fax machine located in a secure, supervised area Confirm the receipt of the faxed document Maintain transmission and receipt of records High sensitivity Use end-to-end encryption and a fax machine located in a secure, supervised area Retrieve fax copies immediately

31 Safeguards ing Sensitive Information High Sensitivity Use encryption and digital signature Keep a record of transmission/receipt of (folders file – sent file) Don’t forward sensitive s to web-based accounts or to Blackberry, text messaging cell phones, etc.

32 Safeguards Laptops and Mobile Computing Devices High or Medium sensitivity information Program managers or delegates must install the OPS encryption technology –Encrypt only the directories containing sensitive information –Do not encrypt applications or operating system Ensure access is password protected –Do not keep a record of the password with the laptop –Encrypt sensitive information on all mobile media (i.e cds, diskettes, videos, etc.) –If lost, report to your manager, the Help Desk and the Cluster Security Officer immediately

33 Safeguards Removing High & Medium Sensitivity Information from the Office Get authorization in writing from the Program Manager Keep a simple record –date and time removed –who removed it –date and time returned Don’t leave information or laptops unattended at any time in: Boardrooms Meeting rooms Washrooms Cars or public transit

34 Safeguards Physical Storage of High and Medium Sensitivity Information High sensitivity Store in locked, fire-resistant containers in secure location Medium sensitivity Store in locked containers in a secure location Ensure access is by authorized employees only Keep desktop and work area clear of all sensitive material when away Review Clean Desk Policy Control visitor access Escort visitors to and from the door Restrict use of boardroom by outside branches or entities

35 Safeguards Electronic Storage of High & Medium Sensitivity Information High sensitivity –Must store in encrypted form –Must test backup copies periodically to ensure recoverability Medium sensitivity –Must store under access control lists –Must use passwords in transmission Both High and Medium Use lock workstation feature (control/alt/delete) Set screensaver to automatically activate when computer not in use for a prescribed length of time Use screensaver password to re-enter session Log off computer nightly or when away for extended periods of time Enable auditing functions on servers and hard drives

36 Safeguards Disposal of High & Medium Sensitivity Information Physical Media: Shred paper documents using cross cut shredders Break or shred CD’s and DVD’s Use magnetic erasers (degaussers) for diskettes or tapes (don’t simply delete information and throw away) Know your retention schedules Ensure authorized ministry employee supervises removal and destruction of docs Keep a simple control log or records retention schedule log Ensure that the log reflects the date the information was destroyed

37 Safeguards Disposal of High & Medium Sensitivity Information Contact CSO to ensure the following mandatory tasks are performed : Electronic Media: Mandatory wiping of hard drives on leased equipment for ALL sensitivity levels Overwrite file space by approved method Remove all directory entries Delete backup files