Privacy risk management – by design


I’ve discussed the Privacy by Design (PbD) principle before, in the Inside Internal Control newsletter. In case you don’t know, PbD is an approach developed by Dr. Ann Cavoukian, the Privacy Commissioner of Ontario, which proactively embeds privacy protection by default in the design of an organization’s practices and products.

Now the commissioner has released a paper that discusses the integration of PbD principles into a Privacy Risk Management framework, built on the model of ISO 31000. The paper is aimed at organizations that already have privacy and risk management capabilities in place. As Dr. Cavoukian writes, “By embedding privacy into their existing risk management framework, they will be able to manage risks associated with the protection of personal information, in much the same fashion as any other business risk.”

You can find other useful papers on the Privacy by Design website.

And you can find confidentiality and privacy policies in all of First Reference’s Internal Control Library publications: Information Technology PolicyPro, Not-for-Profit PolicyPro and Finance and Accounting PolicyPro.

Colin Braithwaite
First Reference Internal Controls Managing Editor
