520 likes | 747 Vues
Office of the Information & Privacy Commissioner for British Columbia. Protecting privacy. Promoting transparency . VIU Workshop: Creating a Culture of Privacy Awareness. June 12, 2013 By Justin Hodkinson OIPC Policy Analyst/Investigator . Agenda. Protection of Privacy 60 minutes
E N D
Office of theInformation & PrivacyCommissionerfor British Columbia Protecting privacy. Promoting transparency. VIU Workshop:Creating a Culture of Privacy Awareness June 12, 2013 By Justin Hodkinson OIPC Policy Analyst/Investigator
Agenda Protection of Privacy 60 minutes Privacy Quiz 5 minutes Coffee/Tea Break 10 minutes FIPPA Basics 25 minutes Question Period 20 minutes Exam 20 minutes Office of the Information & Privacy Commissionerfor British Columbia
VIU Privacy Policies Office of the Information & Privacy Commissionerfor British Columbia Arriving Soon!
Privacy Breaches Not a question of IF But a question of WHEN & HOW BIG Office of the Information & Privacy Commissionerfor British Columbia
Common Privacy Breaches • Stolen laptops or local hard drives • Lost or stolen documents • Blowing out of garbage trucks • Lost, stolen or misplaced recycling bins • Files on car roofs • Inappropriate or unauthorized behaviour • Browsing database • Blogs • Inadvertent disclosures • Mailing system errors • Faxing errors Office of the Information & Privacy Commissionerfor British Columbia
Protecting PI Outside off Campus Office of the Information & Privacy Commissionerfor British Columbia
F12-02U of Vic Investigation Report Importance of a Privacy Management Framework & Encryption Office of the Information & Privacy Commissionerfor British Columbia
Layering Approach to Security Office of the Information & Privacy Commissionerfor British Columbia
Social Media Background Checks Office of the Information & Privacy Commissionerfor British Columbia
Issues with Social Media Background Checks • Accuracy • Collecting irrelevant or too much information • Overreliance on consent • Third party information Office of the Information & Privacy Commissionerfor British Columbia
Before you check…remember • Personal information you collect is subject to FIPPA • Consider less intrusive ways to meet your purpose • Assess the risks • Ensure you have authority to collect • Develop policies and procedures to address risks • Be prepared to respond to requests for access, correction or for withdrawal of consent Office of the Information & Privacy Commissionerfor British Columbia
… don’t • Wait until after you check to assess the risks • Assume you are only collecting information about one person • Assume that the information will be accurate • Use a personal account to perform the check • Ask a 3rd party to do the check • Think the person will not find out Office of the Information & Privacy Commissionerfor British Columbia
What is Cloud Computing? Office of the Information & Privacy Commissionerfor British Columbia
Weighing Your Options Office of the Information & Privacy Commissionerfor British Columbia
Cloud Computing: Issues Office of the Information & Privacy Commissionerfor British Columbia
Office of the Information & Privacy Commissionerfor British Columbia What should you ask your prospective cloud provider?
What should you ask yourself? Office of the Information & Privacy Commissionerfor British Columbia
Privacy Emergency Kit • What data can VIU share during an emergency? Office of the Information & Privacy Commissionerfor British Columbia
VIU Alumni Association’s Use of PI Office of the Information & Privacy Commissionerfor British Columbia
Sharing PI between VIU Departments Office of the Information & Privacy Commissionerfor British Columbia
Sharing Health Information Office of the Information & Privacy Commissionerfor British Columbia
PIAs & Self-Generated Research Office of the Information & Privacy Commissionerfor British Columbia
S. 35 of FIPPA Research Agreements Office of the Information & Privacy Commissionerfor British Columbia
Sharing Students’ Email Addresses Office of the Information & Privacy Commissionerfor British Columbia
Privacy Quiz Time! Office of theInformation & PrivacyCommissionerfor British Columbia Protecting privacy. Promoting transparency. Presented by: Justin Hodkinson, Investigator
1. What does P.I.A. really mean? Office of the Information & Privacy Commissionerfor British Columbia
2. Where can you store personal information? Office of the Information & Privacy Commissionerfor British Columbia
3. Retention Office of the Information & Privacy Commissionerfor British Columbia
4. Who are you gonna call? Office of the Information & Privacy Commissionerfor British Columbia
5. Speed Round The Dean of the Business Department approaches you, the Registrar, & asks for a student’s home address. The Dean explains that she has reason to believe that the student is about to commit suicide & she wants to warn the student’s older sister, who still lives with their parents. How would you respond to this request for student information?
Web Cam & • VideoSurveillance Office of the Information & Privacy Commissionerfor British Columbia
More Information Video Surveillance: http://www.oipc.bc.ca/news/rlsgen/Video_Surveillance_Guidelines(March2008).pdf Social Media Background checks: http://www.oipc.bc.ca/pdfs/private/Guidelines-SocialMediaBackgroundChecks.pdf Cloud Computing: http://www.oipc.bc.ca/pdfs/private/Cloud_computing_for_SMEs_guidance_document.pdf Office of the Information & Privacy Commissionerfor British Columbia
Office of the Information & Privacy Commissionerfor British Columbia
FOI ACCESS Office of the Information & Privacy Commissionerfor British Columbia
10 Principles for Privacy Compliance Challenging compliance Give access Be open Use appropriate safeguards Be accurate Limit retention Limit collection, use, disclosure Obtain consent Identify the purpose Be accountable
About the OIPC… • Independent office of the Legislature • Oversees privacy and access issues in the public (FIPPA) and private sector (PIPA) • Power to investigate, mediate & adjudicate • Guidelines, public education &reports Office of the Information & Privacy Commissionerfor British Columbia
Role of the OIPC Office of the Information & Privacy Commissionerfor British Columbia
What is“personal • information” ? • Information that can identify an individual: name, address, phone number, ID number. • Information about an identifiable individual: physical description, educational qualifications, blood type. Office of the Information & Privacy Commissionerfor British Columbia
Access basics • Anyone can ask for their own personal information • Student can ask for exam questions but VIU will not disclose them • Must remove certain information • May remove other information Office of the Information & Privacy Commissionerfor British Columbia
What is purpose of FIPPA? FIPPA passed in 1992 - Purposes of this Act 2 (1) The purposes of this Act are to make public bodies more accountable to the public and to protect personal privacy by (a) giving the public a right of access to records, (b) giving individuals a right of access to, and a right to request correction of, personal information about themselves, (c) specifying limited exceptions to the rights of access (d) Preventing the unauthorized collection, use or disclosure of personal information by public bodies, … Office of the Information & Privacy Commissionerfor British Columbia
Duty to Assist Applicants Office of the Information & Privacy Commissionerfor British Columbia
Access Request Basics Office of the Information & Privacy Commissionerfor British Columbia
Employee Records & Investigations Office of the Information & Privacy Commissionerfor British Columbia
Time Limits Office of the Information & Privacy Commissionerfor British Columbia
Reasons for Extensions Office of the Information & Privacy Commissionerfor British Columbia
Safeguarding basics Security Practices Retention Practices Disposal Practices Office of the Information & Privacy Commissionerfor British Columbia
Custody & Control Office of the Information & Privacy Commissionerfor British Columbia
Clarify Requests & Talk with Applicants Office of the Information & Privacy Commissionerfor British Columbia
Fees Office of the Information & Privacy Commissionerfor British Columbia
Fee Estimates Office of the Information & Privacy Commissionerfor British Columbia