Published by Austin Walker. Modified over 8 years ago.
1
BC Public Libraries November, 2008 Privacy Principles
2
Today
- Statutory Compliance
- Canada
- Private Sector
- Public Sector
- Personal Information Protection
- Basics of FOIPPA
- Case Study
- Privacy Protection Measures
3
The European Union
EU Directive on Data Protection objectives:
1. Protect individual’s personal information
2. Ensure data may move freely within European market
Export of data prohibited where no adequate protection
4
The United States
- No overall regime
- Sectoral legislation aimed at specific monitoring technologies and businesses
- Self-regulation preferred
5
Canadian Landscape
Legislation regulating collection, use, disclosure & retention of personal information

Sector | Federal | Provincial
Public | Privacy Act | Freedom of Information & Protection of Privacy Act (FOIPPA)
Private | Personal Information Protection & Electronic Documents Act (PIPEDA) | Personal Information Protection Act (PIPA)
6
“Fair information practices”
From CSA Model Code, 1996
1. accountability
2. identifying purposes
3. consent
4. limiting collection
5. limiting use, disclosure, and retention
6. accuracy
7. safeguards
8. openness
9. individual access
10. challenging compliance
7
FOIPPA: Who is Covered?
- BC government bodies: ministries, Crown corporations, provincial agencies, boards, commissions
- Local public bodies: local government, health authorities, municipalities, police boards, educational institutions (schools, colleges and universities), libraries
- Self-governing professional bodies
8
Purpose of Legislation
- Right of Access to Information: subject to limited exceptions
- Protection of Personal Information: individuals have a right to protection from unauthorized collection, use and disclosure of personal information
- Practices and actions by public bodies may be reviewed by the Information & Privacy Commissioner
9
Collecting Personal Information
- When? May only collect if person consents, for law enforcement, or program requirement
- How? Directly, unless authorized (by person, commissioner or statute), medical, s. 33 – 36 (disclosure rules allow), award, debt collection, law enforcement
- Have to advise purpose, authority, contact information of privacy officer
10
Use of Personal Information
- Original purpose when collected
- Consistent purpose
- Written & informed consent
- Purpose for which it was disclosed to the public body under sections 33 to 36
11
Disclosing Personal Information
- Under access provisions
- Sections 33.1 and 33.2, including:
  - In/outside Canada: consent, authorized or required by statute, debt collection, health & safety, system installation & upkeep
  - Inside Canada: original or consistent purpose, court order, common & integrated program, law enforcement
- Research or statistical purposes (s.35)
- Archival or historical purposes (s.36)
12
Storage & Access
Must be in Canada, unless:
- consent
- stored or accessed for purpose of disclosure under sections 33 to 36
- limited time necessary for:
  - “installing, implementing, maintaining, repairing, trouble shooting or upgrading” a system
  - data recovery following system failure
13
Retention of Personal Information
Must retain personal information for at least one year if it was used to make a decision that directly affects the individual, so the individual has a reasonable opportunity to access it.
14
Information & Privacy Commissioner
- Office of the Legislature
- Independent and impartial expert
- Complaints
- Investigations
15
Questions?
Do you have any questions before we proceed to the Case Study?