Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy & Access to Information

Published byAnn Newman Modified over 5 years ago

Similar presentations

Presentation on theme: "Privacy & Access to Information"— Presentation transcript:

1 Privacy & Access to Information
ICT Support Services February 2018 Rayelle Johnston, Access and Privacy Officer

2 Legislation and Policy
The Local Authority Freedom of Information and Protection of Privacy Act (LA FOIP) Policies Freedom of Information and Protection of Privacy Data Management Computer Use Management of University Records Information Security

3 Other Compliance Legislated reporting requirements
Funding agency requirements Contractual requirements Confidentiality Reporting

4 Access to Information Any person Any record Limited exemptions
With application form and fee Any record Limited exemptions Others’ personal information (including child or family member), certain financial and third party information Time limits Informal/formal processes

5 Privacy Protection of personal information
Any information in our custody or control about an identifiable individual is protected Except – certain employment information about university employees; the degrees awarded by the university Can only be used and disclosed in accordance with the Act Rules around collection, use, and disclosure Consent – express or implied Without consent in very limited circumstances

6 Privacy Limited collection
Shall not collect personal information unless the information is collected for a purpose that relates to an existing or proposed program or activity of the university Personal information should generally be collected from the individual to whom it relates, with informed consent Need to ensure personal information is accurate and complete Need to know vs. nice to know

7 Privacy Use and disclosure
Shall not use or disclose personal information without express consent, except: With implied consent - “for the purpose for which the information was obtained or compiled by the university or for a use that is consistent with that purpose” Without consent in very limited circumstances As required or permitted by law Protection of mental or physical health or safety Public interest outweighs invasion of privacy or a clear benefit to the individual – high bar and rarely relied on Where the information is otherwise publicly available

8 Privacy Steps to considering use and disclosure of PI
Should we be collecting the information in the first place? Do we have express consent to use or disclose the information in the manner or for the purpose proposed? Do we have implied consent? Can we do it without consent? If we can use or disclose, what it the best way to do so? Best practices, other laws (eg. CASL), university policy and other compliance requirements (contracts, etc.)

9 Privacy Breach Improper collection Improper use or disclosure
intentional or unintentional, malicious or not Privacy breach response guidelines Contain Notify Investigate Mitigate Report

10 Important Changes Duty to Protect Outsourcing – IMSPs
Mandatory Breach Notification Penalties

11 Duty to Protect Administrative safeguards Technical safeguards
Policies, procedures, guidelines Appropriate contracts with service providers Technical safeguards Encryption, role-based access, secured connections, password protected mobile devices Physical safeguards Lock doors, filing cabinets, don’t leave files/laptops in car

12 Penalties Institution: 1 year in prison and/or $50,000 fine
New – Individuals who wilfully access or use personal information that is not reasonably required to carry out an authorized purpose (snooping): 1 year in prison and/or $50,000 fine

13 Contact & Other Resources
Access and Privacy Office Rayelle Johnston Saskatchewan Information and Privacy Commissioner

14 Contact & Other Resources
Internal Resources Access and Privacy Officer FOIP Liaisons (coming soon!) University Archives – records management policy and records retention schedules Research Services and Ethics Office Legal Services Data Classification, Data Stewards and Data Dictionary Technology Assessment Team

15 Questions?

Download ppt "Privacy & Access to Information"

Similar presentations

The Role of the IRB An Institutional Review Board (IRB) is a review committee established to help protect the rights and welfare of human research subjects.

The Role of the IRB An Institutional Review Board (IRB) is a review committee established to help protect the rights and welfare of human research subjects.
University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.
Data Protection Information Management / Jody McKenzie.

Data Protection Information Management / Jody McKenzie.
Confidentiality and HIPAA

Confidentiality and HIPAA
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.

PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
VIU Workshop: Creating a Culture of Privacy Awareness June 12, 2013 By Justin Hodkinson OIPC Policy Analyst/Investigator Office of the Information & Privacy.

VIU Workshop: Creating a Culture of Privacy Awareness June 12, 2013 By Justin Hodkinson OIPC Policy Analyst/Investigator Office of the Information & Privacy.
Complying with Privacy to Enable Innovation & Research

Complying with Privacy to Enable Innovation & Research
 Freedom of Information Act General Background. Access to Army Records. Exemptions. Exclusions. Procedural Rules for Processing FOIA Requests for Army.

 Freedom of Information Act General Background. Access to Army Records. Exemptions. Exclusions. Procedural Rules for Processing FOIA Requests for Army.
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.

What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
Presentation by Mark Grady Vancouver Island University June 13, 2012.

Presentation by Mark Grady Vancouver Island University June 13, 2012.
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
The Family Educational Rights and Privacy Act (FERPA) The Importance of Protecting Student Records This session will help you better understand the law.

The Family Educational Rights and Privacy Act (FERPA) The Importance of Protecting Student Records This session will help you better understand the law.
HIPAA Health Insurance Portability & Accountability Act of 1996.

HIPAA Health Insurance Portability & Accountability Act of 1996.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.

Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.
HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA PRIVACY AND SECURITY AWARENESS.

Similar presentations

Ads by Google