Access & Privacy It’s Everybody’s Business Renée Pendergast Manager, Access to Information Office Department of Justice October 6, 2008.


1 Access & Privacy It’s Everybody’s Business Renée Pendergast Manager, Access to Information Office Department of Justice October 6, 2008

2 Overview
– What is Access to Information?
– ATIPP & Information Management
– What is Personal Information & Privacy?
– What is a Privacy Breach?
  – What to do?
– Privacy Tips & Best Practices
  – Collection
  – Use
  – Disclosure
  – Safeguards and Security

3 “Privacy is like oxygen. We really appreciate it only when it is gone” Charles J Sykes Hoover Institution

4 Access to Information Increases Openness and Accountability of Organizations
Access to Information
– Public right of access to certain records
– Specific and limited exceptions to access as subject to legislation (ATIPP, PIPEDA)
Protection of Privacy
– Individual right of access to & correction of their own personal information
– Prevention of unauthorized collection, use and disclosure of personal information

5 “Woman finds freedom laws means no free men”
When the London government introduced its new freedom of information laws, Angel Wright took advantage of it as a chance to find an unattached man in uniform. Wright sent an email to her local police force asking about "eligible bachelors within the Hampshire constabulary between the ages of 35 and 49 and requesting details of their email addresses, salary details and pension values". Hampshire police said the names and addresses were personal information and exempt from the new law which came into force. They were prepared to tell her, however, that the Hampshire force had 266 eligible bachelors, of whom 201 were in uniform. "I was amazed that I was told that the information could not be practically released," said Wright, adding she had two reasons for making her request. "The first was to amuse the (freedom of information) team, and the second was to see what response I could get from them."
© Reuters 2005. All Rights Reserved

6 ATIPP & Information Management
– IM cultural shift – ATIPP related
– Good IM practices a necessity for a successful ATIPP strategy
– Records easier to retrieve for ATIPP requests
– Authorized disposals reduce time spent reviewing records that are non-responsive
– IM policies re-establish public’s trust in organizations
– Cases that have influenced information sharing
  – Bernardo Case
  – Turner Case

7 What is Personal Information & Privacy?
Recorded information about an identifiable individual, including:
– Name, address and telephone number
– Race, ethnicity, religious or political beliefs
– Age, sex, sexual orientation, marital status
– Health, financial, and educational information
– Criminal history, fingerprints, DNA
– Personal views or opinions
– Identifying number (Driver's License, SIN, Passport, MCP)

8 Real Life Hollywood

9 Privacy Legislation
– PIPEDA - the Personal Information Protection and Electronic Documents Act (Federal Act)
– ATIPPA - Access to Information and Protection of Privacy Act - Part IV (Provincial Act of NL & Lab)

10 Access vs. Privacy
– Access issues generate reactive responses by public bodies and organizations.
– Privacy issues require public bodies and organizations to be proactive in order to ensure protection of private information.

11 Collection, Use & Disclosure
Personal Information
– Collection
  – Should have authority to collect it
  – Collect directly from the individual
    – Provide a Privacy Notice (Privacy Statement or Disclaimer)
    – Obtain Consent where appropriate
  – Protect personal information once you have collected it
– Use
  – Only use personal information for the purpose for which it was collected
  – Protect personal information when you’re using it
– Disclosure
  – Have authority to disclose
    – Obtain Consent from individual
    – Public safety over-ride
  – Protect personal information when you’re disclosing it

12 What is a Privacy Breach?
– Any unauthorized collection, use, disclosure or disposal of personal info
– Breaches may be accidental or deliberate
– Breaches may be one-off occurrences or systematic failures
– Often breaches are unpredictable

13 Privacy Breaches cont.
Most common breaches are inappropriate disclosure of personal information:
– Personal information FAXED or MAILED to the wrong person
– Laptop stolen from a car / workplace / home
– Unauthorized access to computer systems
Privacy Breaches can cause significant harm to individuals, including:
– embarrassment or harm to reputation
– higher risk of identity theft or financial theft
– safety may be compromised
Consequences of a Privacy Breach for organizations
– Communications / Media
– Expenses incurred to investigate breach

14 Examples of Privacy Breaches
– HomeSense / Winners (Jan. 2007)
  – hackers access credit information
– CIBC / Talvest Mutual Funds (Jan. 2007)
  – backup computer file disappeared while “in transit” between offices
– NL Public Health Lab (Nov. 2007)
  – consultant brought home PC and exposed personal data after installing a file sharing program
– UK Government (Nov. 2007)
  – Child benefit information of 25 million people, contained on 2 discs, sent by unsecured mail, but never arrived
  – Information included DOB, Bank Accounts, National Insurance Numbers, Addresses

15 Privacy Breach – What to Do?
1. Contain the breach
2. Report privacy breaches to Management and Executive
3. Evaluate risk and notify affected individuals
4. Investigate the breach – How did it happen?
5. Establish policies to prevent the breach from happening again – risk mitigation strategies, procedures, training, etc.

16 Renee’s Top Ten Privacy Tips
– Ensure you use a “Proof of Authority” if someone is acting on behalf of another individual
– Encourage a privacy-friendly culture
– Follow proper Records Management Practices
– Records containing personal information should be shredded, not recycled
– Check trash in common areas
– File paper records on a regular basis (daily)
– Maintain a clean desk policy
– Retrieve photocopies and faxes immediately from common areas
– Lock doors and cabinets when you leave your office

17 Privacy Tips cont.
– Always lock your workstation when away from your computer (Automatically)
– Encrypt sensitive files on laptops and avoid emailing personal information
– Use strong passwords (number/letter combinations) on all electronic systems
– Use encrypted USB Drives
– Never leave a laptop unattended (locked in a car)
– Destroy hard drives, CDs before discarding them
– Clear stored contents of printers, faxes, scanners

18 Questions / Comments? Thank you!

