Presentation is loading. Please wait.

Presentation is loading. Please wait.

BC Public Libraries November, 2008 Privacy Principles.

Similar presentations


Presentation on theme: "BC Public Libraries November, 2008 Privacy Principles."— Presentation transcript:

1 BC Public Libraries November, 2008 Privacy Principles

2 Today Statutory Compliance Canada Private Sector Public Sector Personal Information Protection Basics of FOIPPA Case Study Privacy Protection Measures

3 The European Union EU Directive on Data Protection objectives: 1.Protect individual’s personal information 2.Ensure data may move freely within European market Export of data prohibited where no adequate protection

4 The United States No overall regime Sectoral legislation aimed at specific monitoring technologies and businesses Self-regulation preferred

5 Legislation regulating collection, use, disclosure & retention of personal information FederalProvincial PublicPrivacy ActFreedom of Information & Protection of Privacy Act (FOIPPA) PrivatePersonal Information Protection & Electronic Documents Act (PIPEDA) Personal Information Protection Act (PIPA) Canadian Landscape

6 “Fair information practices” From CSA Model Code, 1996 1. accountability 2. identifying purposes 3. consent 4. limiting collection 5. limiting use, disclosure, and retention 6. accuracy 7. safeguards 8. openness 9. individual access 10. challenging compliance

7 FOIPPA Who is Covered? BC government bodies  ministries, Crown corporations, provincial agencies, boards, commissions Local public bodies  local government, health authorities, municipalities, police boards, educational institutions (schools, colleges and universities), libraries Self governing professional bodies

8 Purpose of Legislation Right of Access to Information Subject to limited exceptions Protection of Personal Information Individuals have a right to protection from unauthorized collection, use and disclosure of personal information Practices and actions by public bodies may be reviewed by the Information & Privacy Commissioner

9 Collecting Personal Information When? May only collect if person consents, for law enforcement, or program requirement How? Directly, unless authorized (by person, commissioner or statute), medical, s. 33 – 36 (disclosure rules allow), award, debt collection, law enforcement Have to advise purpose, authority, contact information of privacy officer

10 Use of Personal Information Original purpose when collected Consistent purpose Written & informed consent Purpose for which it was disclosed to the public body under sections 33 to 36

11 Disclosing Personal Information Under access provisions Sections 33.1 and 33.2, including In/outside Canada  consent, authorized or required by statute, debt collection, health & safety, system installation & upkeep Inside Canada  original or consistent purpose, court order, common & integrated program, law enforcement Research or statistical purposes (s.35) Archival or historical purposes (s.36)

12 Storage & Access Must be in Canada, unless consent stored or accessed for purpose of disclosure under sections 33 to 36 Limited time necessary for installing, implementing, maintaining, repairing, trouble shooting or upgrading” a system data recovery following system failure

13 Retention of Personal Information Must retain personal information for at least one year if it was used to make a decision that directly affects the individual, so the individual has a reasonable opportunity to access it.

14 Information & Privacy Commissioner Office of the Legislature Independent and impartial expert Complaints Investigations

15 Questions? Do you have any questions before we proceed to the Case Study?


Download ppt "BC Public Libraries November, 2008 Privacy Principles."

Similar presentations


Ads by Google