best practices for privacy protection
play

Best Practices for Privacy Protection Renee B Barrette Direct - PowerPoint PPT Presentation

Mar 19, 2024 •98 likes •528 views

Best Practices for Privacy Protection Renee B Barrette Direct ctor of r of Pol olicy City ty o of B Brampto ton Privacy Ev Event November 2 23, , 2017 Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information

  1. Best Practices for Privacy Protection Renee B Barrette Direct ctor of r of Pol olicy City ty o of B Brampto ton Privacy Ev Event November 2 23, , 2017 Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca

  2. Agenda • Who We Are • Legislative Requirements for Privacy • Privacy Risks and How to Mitigate Privacy Risks • Recent Privacy Investigations Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca

  3. Who We Are Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca

  4. IPC Mandate and Role Established in 1988 Commissioner is appointed by and reports to Legislative Assembly MISSI SSION : We champion and uphold the public’s right to know and to privacy MAND NDATE : o resolve access to information appeals and privacy complaints o review and approve information practices o conduct research, deliver education and guidance on access and privacy issues o comment on proposed legislation, programs and practices Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca

  5. IPC’s Legislation • Freedom of Information and Protection of Privacy Act ( FIPPA ) • over 300 provincial institutions such as ministries, provincial agencies, boards, commissions, community colleges and universities • Municipal Freedom of Information and Protection of Privacy Act ( MFIPPA ) • over 1,200 organizations such as municipalities, police, school boards, conservation authorities, transit commissions • Personal Health Information Protection Act ( PHIPA ) • individuals and organizations involved in delivery of health care services, including hospitals, pharmacies, laboratories, doctors, dentists and nurses Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca

  6. MFIPPA The purposes of MFIPPA are: • to provide a a ri right o of f acce access to i information under the control of institutions in accordance with the principles that o information should be available to the public o access exemptions should be limited and specific o access decisions should be reviewed independently of government • to protect ect t the e privacy acy o of i individual als with respect to personal information about themselves held by institutions and to provide individuals with a right of access to that information Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca

  7. Legislative Requirements for Privacy Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca

  8. Fair Information Practices • Accountability • Accuracy • Identifying Purposes • Safeguards • Consent • Openness • Limiting Collection • Individual Access • Limiting Use, Disclosure, • Challenging Compliance Retention Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca

  9. Key Obligations under MFIPPA • legal authority to collect • data minimization • notice to data subjects • retention • safeguards • give person access to their own PI Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca

  10. Personal Information • Personal information is any re record rded information t that i is identifiable t to a an individual • The act lists examples of personal information • This fact sheet provides guidance about how the IPC interprets the term “personal information” Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca

  11. What is a record? A record is any r record o of i information h however er r recorded ed, whether in printed form, on film, by electronic means or otherwise and includes, for example: • correspondence • memorandum • plans • maps • drawings, diagrams, pictorial or graphic work • photographs, film, microfilm, sound records, videotape Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca

  12. Privacy Obligations Under MFIPPA MFIPPA sets out rules for the collection , use , and disclosure of personal information You can only disclose personal To collect personal You can only use personal information: information, it must be: information for: • with consent • expressly authorized by • the purpose it was collected statute • for a consistent purpose • a consistent purpose or with • used for the purposes of law consent (preferably • to comply with legislation enforcement, or in writing) • for law enforcement • necessary to the proper • for health and safety reasons administration of a lawfully authorized activity • for compassionate reasons Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca

  13. Privacy Obligations Under MFIPPA Cont’d Cont’d Security of Personal Information rules Information must be No use unless Information must be retained protected • accurate • if used by an institution, • it must be protected it must be retained for from inadvertent • up to date at least on year disclosure and unauthorized access Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca

  14. Privacy Risks and Risk Mitigation Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca

  15. Total Privacy Complaints Opened Per Year 277 277 350 350 266 266 300 300 250 250 170 170 200 200 150 150 100 100 50 50 0 2006 2006 2011 2011 2016 2016 Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca

  16. Privacy Breach A privacy breach occurs when personal information is collected, retained, and used or disclosed in ways that are not in accordance with MFIPPA Among the most common breaches of personal privacy is the unauthorized disclosure of personal information, such as: - sending communications to the wrong recipient due to human error - improper records destruction procedures - loss or theft of unsecured electronic devices, such as laptop computers, digital cameras, or portable storage devices (USB sticks) - unauthorized access (snooping, hacking) Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca

  17. Snooping into records Harms caused by personal information snooping: • discrimination, stigmatization, psychological or economic harm • individuals withholding or falsifying information • loss of trust or confidence in the public system • cost and time in dealing with privacy breaches • legal liabilities and proceedings Sanctions for unauthorized access can include: • investigation by privacy oversight bodies • prosecution for offences • statutory or common law actions • discipline by employers • discipline by regulatory bodies Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca Information and Privacy Commissioner of Ontario | www.ipc.on.ca

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

28/05/15 Outline Data privacy and the evolving regulation Privacy threats from LBS to geoSN EveryWare Lab Main (location) privacy protection techniques Data Management for Mobile Protecting geo-tagged resource publication

411 views • 7 slides
Privacy Protection Overview Hiroshi Nakagawa The University of Tokyo Overview of Privacy

Privacy Protection Overview Hiroshi Nakagawa The University of Tokyo Overview of Privacy

International Workshop on Spatial and Temporal Modeling from Statistical, Machine Learning and Engineering perspectives:STM2016 23 July 2016 Privacy Protection Overview Hiroshi Nakagawa The University of Tokyo Overview of Privacy Protection

1.35k views • 79 slides
Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human

Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human

Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human Right (1/2) From the United Nations Universal Declaration of Human Rights: Article 12 No one shall be subjected to arbitrary interference with his

338 views • 7 slides
Fair information Fair information CyLab practices and privacy practices and privacy principles

Fair information Fair information CyLab practices and privacy practices and privacy principles

Fair information Fair information CyLab practices and privacy practices and privacy principles principles Engineering & Public Policy Lorrie Faith Cranor & Rebecca Balebako y & c S a e v c i u r P r i t e

823 views • 24 slides
Fair information Fair information CyLab practices and privacy practices and privacy principles

Fair information Fair information CyLab practices and privacy practices and privacy principles

Fair information Fair information CyLab practices and privacy practices and privacy principles principles Engineering & Public Policy Lorrie Faith Cranor September 11, 2014 y & c S a e v c i u r P r i t e y l b

815 views • 28 slides
Web and privacy Privacy and protection of personal data specific purpose (to collect and

Web and privacy Privacy and protection of personal data specific purpose (to collect and

Web and privacy Industrial perspectives on Cryptography A. Esterle - ENISA Antwerp 29 May 2008 www.enisa.europa.eu Web and privacy Privacy and protection of personal data specific purpose (to collect and process it) subject

732 views • 7 slides
Consumer Privacy Protection Principles: Privacy Principles for Vehicle Technologies and Service

Consumer Privacy Protection Principles: Privacy Principles for Vehicle Technologies and Service

Consumer Privacy Protection Principles: Privacy Principles for Vehicle Technologies and Service Automotive Industry Privacy Principles Nov. 12, 2014 Auto Alliance and Global Automakers come together to create a set of privacy principles

419 views • 20 slides
#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy across hybrid IT Farshad Ghazi - Moderator Mat Spitz Lacy Gruen #MicroFocusCyberSummit Reiner Kappenberger Cloud-based Data Privacy and Protection:

453 views • 10 slides
Big Data, Key Challenges: Privacy Protection & Cooperation Observations on international

Big Data, Key Challenges: Privacy Protection & Cooperation Observations on international

Big Data, Key Challenges: Privacy Protection & Cooperation Observations on international efforts to develop frameworks to enhance privacy while realising big datas benefits Seminar arranged by the Office for Personal Data Protection, Macao,

305 views • 8 slides
Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR

Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR

Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR Simone Fischer-Hbner CC-BY-4.0 Privacy Legislation - History 1950 Art. 8 ECHR: Everyone has the right to respect for his private and family

413 views • 4 slides
From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer

From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer

From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer Interactions Andrew S. Patrick Steve Kenny Independent Consultant National Research Council of Canada stephen_mh_kenny@yahoo.com

407 views • 22 slides
Frederik Borgesius 21 Nov 2014, W3C Workshop Defending Privacy Empowerment Protection

Frederik Borgesius 21 Nov 2014, W3C Workshop Defending Privacy Empowerment Protection

Frederik Borgesius 21 Nov 2014, W3C Workshop Defending Privacy Empowerment Protection Defending Privacy Empowerment Protection Transparency Firms must always Informed consent secure personal data Consumer law Empowerment Protection

543 views • 10 slides
Access Control is an Inadequate Framework for Privacy Protection Lalana Kagal & Hal Abelson

Access Control is an Inadequate Framework for Privacy Protection Lalana Kagal & Hal Abelson

Access Control is an Inadequate Framework for Privacy Protection Lalana Kagal & Hal Abelson DIG @ CSAIL Monday 12 July 2010 Alternate Definitions of Privacy In 1890, Brandeis and Warren defined privacy as the right to be let alone

541 views • 11 slides
Privacy Preferences for E-Mail Messages Ulrich Knig Independent Centre for Privacy Protection

Privacy Preferences for E-Mail Messages Ulrich Knig Independent Centre for Privacy Protection

Introduction Syntax Semantics Example Outlook Privacy Preferences for E-Mail Messages Ulrich Knig Independent Centre for Privacy Protection Schleswig-Holstein 26th of July 2010 www.ietf.org/id/draft-koenig-privicons-00.txt Ulrich

225 views • 10 slides
Legal Compliance: ADA Best Practices and Privacy Rights Erika Geetter, Esq. Boston University

Legal Compliance: ADA Best Practices and Privacy Rights Erika Geetter, Esq. Boston University

Legal Compliance: ADA Best Practices and Privacy Rights Erika Geetter, Esq. Boston University November 4, 2011 ADA Best Practices and Privacy Rights 4/24/2013 Laws that Relate to Students with Disabilities Section 504 of the

497 views • 39 slides
Questions to panel members and for the general debate in the afternoon Fernand Sauer, Former

Questions to panel members and for the general debate in the afternoon Fernand Sauer, Former

Questions to panel members and for the general debate in the afternoon Fernand Sauer, Former executive director of the EMA Main q uestions to the panel and for the afternoon session 1. How could the Agency make it more attractive for experts

869 views • 7 slides
Agenda for FSY2020-2021 Thank You to FS President Ambrose O. Anoruo Welcome Remarks Our

Agenda for FSY2020-2021 Thank You to FS President Ambrose O. Anoruo Welcome Remarks Our

Agenda for FSY2020-2021 Thank You to FS President Ambrose O. Anoruo Welcome Remarks Our Faculty Senate Constitutional Mandates Online Elections New Business 1 In appreciation of Dr. Ambrose O. Anoruo for his service as

158 views • 15 slides
ENABLING POLICY AND REGULATORY ENVIRONMENTS ITU ASIA-PACIFIC REGIONAL DEVELOPMENT FORUM 2018

ENABLING POLICY AND REGULATORY ENVIRONMENTS ITU ASIA-PACIFIC REGIONAL DEVELOPMENT FORUM 2018

ENABLING POLICY AND REGULATORY ENVIRONMENTS ITU ASIA-PACIFIC REGIONAL DEVELOPMENT FORUM 2018 MAY 21-22, BANGKOK Mila Romanoff, Privacy and Legal Specialist, UN Global Pulse, EOSG UN Global Pulse is an innovation initiative of the Executive

308 views • 12 slides
Presented by: Bruce J. Toews, CPA, MBA Assoc. Professor of Accounting/Finance Walla Walla

Presented by: Bruce J. Toews, CPA, MBA Assoc. Professor of Accounting/Finance Walla Walla

Presented by: Bruce J. Toews, CPA, MBA Assoc. Professor of Accounting/Finance Walla Walla University June 12 and 13, 2012 Brought to you by: A Learning Center for Nonprofits Sponsored by: The Sherwood Trust & Walla Walla Community

455 views • 41 slides
THE INSURANCE ACT 2015 Alice Nash The basics Marine Insurance Act 1906 designed to

THE INSURANCE ACT 2015 Alice Nash The basics Marine Insurance Act 1906 designed to

September 15 THE INSURANCE ACT 2015 Alice Nash The basics Marine Insurance Act 1906 designed to protect insurers from exploitation by the insured. Law Commission started review in 2006. Consultation papers in 2011 and 2012

197 views • 6 slides
Indemnification in Mergers and Acquisitions Whats Market? Etahn M. Cohen Sugar &

Indemnification in Mergers and Acquisitions Whats Market? Etahn M. Cohen Sugar &

Indemnification in Mergers and Acquisitions Whats Market? Etahn M. Cohen Sugar & Felsenthal LLP Chicago Bar Association, February 2008 Why is Market Important? Facilitates agreement Powerful argument against aberrant provisions

624 views • 36 slides
INSURANCE ACT DUTY OF FAIR PRESENTATION OF RISK BY ANDRE MEIJER WELCOME (1) My name is

INSURANCE ACT DUTY OF FAIR PRESENTATION OF RISK BY ANDRE MEIJER WELCOME (1) My name is

21 June INSURANCE ACT DUTY OF FAIR PRESENTATION OF RISK BY ANDRE MEIJER WELCOME (1) My name is Andre Meijer Insurance Act 2015 - looks like a boring legal and insurance subject I wont take you deeply into small text of Laws

571 views • 27 slides
Disclaimer The information provided in this presentation has been prepared on a summary basis.

Disclaimer The information provided in this presentation has been prepared on a summary basis.

11/27/2018 2018 Fall Corporate Counsel Seminar KEY ISSUES IN COMMERCIAL CONTRACTS Presented by Douglas C. Waddoups Disclaimer The information provided in this presentation has been prepared on a summary basis. This presentation is not

332 views • 11 slides

More recommend