Privacy risk management – by design

I’ve discussed the Privacy by Design (PbD) principle before, in the Inside Internal Control newsletter. In case you don’t know, PbD is an approach developed by Dr. Ann Cavoukian, the Privacy Commissioner of Ontario, which proactively embeds privacy protection by default in the design of an organization’s practices and products.

Now the commissioner has released a paper that discusses the integration of PbD principles into a Privacy Risk Management framework, built on the model of ISO 31000. The paper is aimed at organizations that already have privacy and risk management capabilities in place. As Dr. Cavoukian writes, “By embedding privacy into their existing risk management framework, they will be able to manage risks associated with the protection of personal information, in much the same fashion as any other business risk.”

You can find other useful papers on the Privacy by Design website.

And you can find confidentiality and privacy policies in all of First Reference’s Internal Control Library publications: Information Technology PolicyPro, Not-for-Profit PolicyPro and Finance and Accounting PolicyPro.

Colin Braithwaite
First Reference Internal Controls Managing Editor

