Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy principles Individual written policies

Published byKristopher Clark Modified over 6 years ago

Similar presentations

Presentation on theme: "Privacy principles Individual written policies"— Presentation transcript:

1 Privacy principles Individual written policies
Section 5 - Privacy Privacy principles Individual written policies

2 Privacy Act (1985) The purpose of this Act is to extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution and that provide individuals with a right of access to that information.

3 Privacy and CF CF Canada Financial will endeavor to respect and maintain the privacy and confidentiality of all personal information collected as part of the requirements of conducting our Insurance and Financial business. We will abide by the ten principles of privacy as quoted in the guidelines by the Office of the Privacy Commissioner. Further, we will follow our documented Complaint Handling Procedures to resolve any complaint, issue, and grievance. Where appropriate, if the complaint involves allegations of serious misconduct, breach of privacy or is a legal action, CF Canada Financial’s Compliance Department will make senior management aware of the complaint. In all such cases, if the complaint involves (a) the business of one of CF’s contracted Product Provider Companies or (b) the suitability of the contracted advisor, CF will notify the Provider Company Compliance Department about the complaint An organization is responsible for the protection of personal information and the fair handling of it at all times, throughout the organization and in dealings with third parties. Care in collecting, using and disclosing personal information is essential to continued consumer confidence and good will.

4 What is Personal Information?
(a) information relating to the race, national or ethnic origin, colour, religion, age or marital status of the individual, (b) information relating to the education or the medical, criminal or employment history of the individual or information relating to financial transactions in which the individual has been involved, (c) any identifying number, symbol or other particular assigned to the individual, (d) the address, fingerprints or blood type of the individual, (e) the personal opinions or views of the individual except where they are about another individual or about a proposal for a grant, an award or a prize to be made to another individual by a government institution or a part of a government institution specified in the regulations, (f) correspondence sent to a government institution by the individual that is implicitly or explicitly of a private or confidential nature, and replies to such correspondence that would reveal the contents of the original correspondence, (g) the views or opinions of another individual about the individual, (h) the views or opinions of another individual about a proposal for a grant, an award or a prize to be made to the individual by an institution or a part of an institution referred to in paragraph (e), but excluding the name of the other individual where it appears with the views or opinions of the other individual, and (i) the name of the individual where it appears with other personal information relating to the individual or where the disclosure of the name itself would reveal information about the individual

5 The 10 Principles 1. Accountability 2. Identifying purposes 3. Consent 4. Limiting collection 5. Limiting use, disclosure, and retention 6. Accuracy 7. Safeguards 8. Openness 9. Individual access 10. Challenging compliance

6 Accountability (1) Be accountable Your responsibilities:
Comply with all 10 of the principles of Schedule 1. Appoint an individual (or individuals) to be responsible for your organization's compliance. Protect all personal information held by your organization or transferred to a third party for processing. Develop and implement personal information policies and practices.

7 Identifying Purpose (2) Your organization must identify the reasons for collecting personal information before or at the time of collection Your responsibilities: Before or when any personal information is collected, identify why it is needed and how it will be used. Document why the information is collected. Inform the individual from whom the information is collected why it is needed. Identify any new purpose for the information and obtain the individual’s consent before using it.

8 Consent (3) Obtain consent Your responsibilities:
Inform the individual in a meaningful way of the purposes for the collection, use or disclosure of personal data. Obtain the individual's consent before or at the time of collection, as well as when a new use is identified.

9 Limiting Collection (4) Limit collection Your responsibilities:
Do not collect personal information indiscriminately. Do not deceive or mislead individuals about the reasons for collecting personal information.

10 Limiting Use, Disclosure and Retention
(5) Limit use, disclosure, and retention Your responsibilities: Use or disclose personal information only for the purpose for which it was collected, unless the individual consents or the use or disclosure is authorized by the Act. Keep personal information only as long as necessary to satisfy the purposes. Put guidelines and procedures in place for retaining and destroying personal information. Keep personal information used to make a decision about a person for a reasonable time period. This should allow the person to obtain the information after the decision and pursue redress. Destroy, erase or render anonymous information that is no longer required for an identified purpose or a legal requirement.

11 Accuracy (6) Be accurate Your responsibilities:
Minimize the possibility of using incorrect information when making a decision about the individual or when disclosing information to third parties.

12 Safeguards (7) Use appropriate safeguards Your responsibilities:
Protect personal information against loss or theft. Safeguard the information from unauthorized access, disclosure, copying, use or modification. Protect personal information regardless of the format in which it is held. Encript electronic devices Cloud usage discussion CF Virtgate Google, Microsoft, etc.

13 Openness (8) Be open Your responsibilities:
Inform customers, clients, and employees that you have policies and practices for the management of personal information. Make these policies and practices understandable and easily available.

14 Individual Access (9) Give individuals access Your responsibilities:
When requested, inform individuals if you have any personal information about them. Explain how it is or has been used and provide a list of any organizations to which it has been disclosed. Give individuals access to their information. Correct or amend any personal information if its accuracy and completeness are challenged and found to be deficient. Provide a copy of the information requested, or reasons for not providing access, subject to exceptions set out in Section 9 of the Act (see page 18). An organization should note any disagreement on file and advise third parties where appropriate.

15 Challenging Compliance
(10) Provide recourse Your responsibilities: Develop simple and easily accessible complaint procedures. Inform complainants of their avenues of recourse. These include your organization's complaint procedures, those of industry associations, regulatory bodies and the Office of the Privacy Commissioner of Canada. Investigate all complaints received. Take appropriate measures to correct information handling practices and policies. Create robust procedures to handle privacy breaches

16 Requirement for Individual Written Policies
Initial Paperwork Risk Assessment Training Attendance

17 Thank you! ANY QUESTIONS?

18 Section 6 – Privacy Breaches
What is a Privacy Breaches? - improper or unauthorized collection, use, disclosure, retention or disposal of personal information. - may occur within an institution or off-site and may be the result of inadvertent errors or malicious by employees, third parties, partners in information-sharing agreements or intruders.

19 Section 6 – Privacy Breaches
Breach Containment - Establish procedures, plans to address privacy breaches - Sharing of lessons learned

20 Section 6 – Privacy Breaches
Preliminary Assessment - Use forms to assist with the initial investigation - Identifying involved parties whose personal information has been wrongfully disclosed or accessed, or lost - Notifying Access to Information and Privacy (ATIP), Department Security Officer (DSO)

21 Section 6 – Privacy Breaches
Evaluate the Risks - Intrusions to Data Network System, potential redirect to malicious web site - use of unauthorized personal information lead to legal litigation, financial loss

22 Section 6 – Privacy Breaches
Notification - Description of the incident, including date and time - Source of the breach - List of the personal information that has been or may have been comprised

23 Section 6 – Privacy Breaches
Prevention of Future Breaches - Follow the requirements of the Policy on Government Security (PGS) issued by the Treasury Board of Canada Secretariat (TBS). The Royal Canadian Mounted Police (RCMP) - Conduct Privacy Impact Assessment (PIAs) and Threat and Risk Assessments (TRAs) in accordance with the Directive on Privacy Impact Assessment - Regular ongoing training to employees, managers and executives

24 Thank You

Download ppt "Privacy principles Individual written policies"

Similar presentations

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.

What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Data Protection.

Data Protection.
VIU Workshop: Creating a Culture of Privacy Awareness June 12, 2013 By Justin Hodkinson OIPC Policy Analyst/Investigator Office of the Information & Privacy.

VIU Workshop: Creating a Culture of Privacy Awareness June 12, 2013 By Justin Hodkinson OIPC Policy Analyst/Investigator Office of the Information & Privacy.
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.

What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
Presentation by Mark Grady Vancouver Island University June 13, 2012.

Presentation by Mark Grady Vancouver Island University June 13, 2012.
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Protecting information rights –­ advancing information policy Privacy law reform for APP entities (organisations)

Protecting information rights –­ advancing information policy Privacy law reform for APP entities (organisations)
Overview of Engagement – Under the terms of this engagement, the Advisor will provide advice in the areas checked below. Investment Management – Develop.

Overview of Engagement – Under the terms of this engagement, the Advisor will provide advice in the areas checked below. Investment Management – Develop.
6th CACR Information Security Workshop 1st Annual Privacy and Security Workshop (November 10, 2000) Incorporating Privacy into the Security Domain: Issues.

6th CACR Information Security Workshop 1st Annual Privacy and Security Workshop (November 10, 2000) Incorporating Privacy into the Security Domain: Issues.
Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.

Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.
HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA PRIVACY AND SECURITY AWARENESS.
Confidentiality, Consents and Disclosure Recent Legal Changes and Current Issues Presented by Pam Beach, Attorney at Law.

Confidentiality, Consents and Disclosure Recent Legal Changes and Current Issues Presented by Pam Beach, Attorney at Law.
Privacy & Personal Information Prepared by the CBC Law Department CONFIDENTIAL – FALL 2011.

Privacy & Personal Information Prepared by the CBC Law Department CONFIDENTIAL – FALL 2011.
Part 6 – Special Legal Rights and Relationships Chapter 35 – Privacy Law Prepared by Michael Bozzo, Mohawk College © 2015 McGraw-Hill Ryerson Limited 34-1.

Part 6 – Special Legal Rights and Relationships Chapter 35 – Privacy Law Prepared by Michael Bozzo, Mohawk College © 2015 McGraw-Hill Ryerson Limited 34-1.

Similar presentations

Ads by Google