1 / 52

VIU Workshop: Creating a Culture of Privacy Awareness

Office of the Information & Privacy Commissioner for British Columbia. Protecting privacy. Promoting transparency . VIU Workshop: Creating a Culture of Privacy Awareness. June 12, 2013 By Justin Hodkinson OIPC Policy Analyst/Investigator . Agenda. Protection of Privacy 60 minutes

ata
Télécharger la présentation

VIU Workshop: Creating a Culture of Privacy Awareness

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Office of theInformation & PrivacyCommissionerfor British Columbia Protecting privacy. Promoting transparency. VIU Workshop:Creating a Culture of Privacy Awareness June 12, 2013 By Justin Hodkinson OIPC Policy Analyst/Investigator

  2. Agenda Protection of Privacy 60 minutes Privacy Quiz 5 minutes Coffee/Tea Break 10 minutes FIPPA Basics 25 minutes Question Period 20 minutes Exam 20 minutes Office of the Information & Privacy Commissionerfor British Columbia

  3. VIU Privacy Policies Office of the Information & Privacy Commissionerfor British Columbia Arriving Soon!

  4. Privacy Breaches Not a question of IF But a question of WHEN & HOW BIG Office of the Information & Privacy Commissionerfor British Columbia

  5. Common Privacy Breaches • Stolen laptops or local hard drives • Lost or stolen documents • Blowing out of garbage trucks • Lost, stolen or misplaced recycling bins • Files on car roofs • Inappropriate or unauthorized behaviour • Browsing database • Blogs • Inadvertent disclosures • Mailing system errors • Faxing errors Office of the Information & Privacy Commissionerfor British Columbia

  6. Protecting PI Outside off Campus Office of the Information & Privacy Commissionerfor British Columbia

  7. F12-02U of Vic Investigation Report Importance of a Privacy Management Framework & Encryption Office of the Information & Privacy Commissionerfor British Columbia

  8. Layering Approach to Security Office of the Information & Privacy Commissionerfor British Columbia

  9. Social Media Background Checks Office of the Information & Privacy Commissionerfor British Columbia

  10. Issues with Social Media Background Checks • Accuracy • Collecting irrelevant or too much information • Overreliance on consent • Third party information Office of the Information & Privacy Commissionerfor British Columbia

  11. Before you check…remember • Personal information you collect is subject to FIPPA • Consider less intrusive ways to meet your purpose • Assess the risks • Ensure you have authority to collect • Develop policies and procedures to address risks • Be prepared to respond to requests for access, correction or for withdrawal of consent Office of the Information & Privacy Commissionerfor British Columbia

  12. … don’t • Wait until after you check to assess the risks • Assume you are only collecting information about one person • Assume that the information will be accurate • Use a personal account to perform the check • Ask a 3rd party to do the check • Think the person will not find out Office of the Information & Privacy Commissionerfor British Columbia

  13. What is Cloud Computing? Office of the Information & Privacy Commissionerfor British Columbia

  14. Weighing Your Options Office of the Information & Privacy Commissionerfor British Columbia

  15. Cloud Computing: Issues Office of the Information & Privacy Commissionerfor British Columbia

  16. Office of the Information & Privacy Commissionerfor British Columbia What should you ask your prospective cloud provider?

  17. What should you ask yourself? Office of the Information & Privacy Commissionerfor British Columbia

  18. Privacy Emergency Kit • What data can VIU share during an emergency? Office of the Information & Privacy Commissionerfor British Columbia

  19. VIU Alumni Association’s Use of PI Office of the Information & Privacy Commissionerfor British Columbia

  20. Sharing PI between VIU Departments Office of the Information & Privacy Commissionerfor British Columbia

  21. Sharing Health Information Office of the Information & Privacy Commissionerfor British Columbia

  22. PIAs & Self-Generated Research Office of the Information & Privacy Commissionerfor British Columbia

  23. S. 35 of FIPPA Research Agreements Office of the Information & Privacy Commissionerfor British Columbia

  24. Sharing Students’ Email Addresses Office of the Information & Privacy Commissionerfor British Columbia

  25. Privacy Quiz Time! Office of theInformation & PrivacyCommissionerfor British Columbia Protecting privacy. Promoting transparency. Presented by: Justin Hodkinson, Investigator

  26. 1. What does P.I.A. really mean? Office of the Information & Privacy Commissionerfor British Columbia

  27. 2. Where can you store personal information? Office of the Information & Privacy Commissionerfor British Columbia

  28. 3. Retention Office of the Information & Privacy Commissionerfor British Columbia

  29. 4. Who are you gonna call? Office of the Information & Privacy Commissionerfor British Columbia

  30. 5. Speed Round The Dean of the Business Department approaches you, the Registrar, & asks for a student’s home address. The Dean explains that she has reason to believe that the student is about to commit suicide & she wants to warn the student’s older sister, who still lives with their parents. How would you respond to this request for student information?

  31. Web Cam & • VideoSurveillance Office of the Information & Privacy Commissionerfor British Columbia

  32. More Information Video Surveillance: http://www.oipc.bc.ca/news/rlsgen/Video_Surveillance_Guidelines(March2008).pdf Social Media Background checks: http://www.oipc.bc.ca/pdfs/private/Guidelines-SocialMediaBackgroundChecks.pdf Cloud Computing: http://www.oipc.bc.ca/pdfs/private/Cloud_computing_for_SMEs_guidance_document.pdf Office of the Information & Privacy Commissionerfor British Columbia

  33. Office of the Information & Privacy Commissionerfor British Columbia

  34. FOI ACCESS Office of the Information & Privacy Commissionerfor British Columbia

  35. 10 Principles for Privacy Compliance Challenging compliance Give access Be open Use appropriate safeguards Be accurate Limit retention Limit collection, use, disclosure Obtain consent Identify the purpose Be accountable

  36. About the OIPC… • Independent office of the Legislature • Oversees privacy and access issues in the public (FIPPA) and private sector (PIPA) • Power to investigate, mediate & adjudicate • Guidelines, public education &reports Office of the Information & Privacy Commissionerfor British Columbia

  37. Role of the OIPC Office of the Information & Privacy Commissionerfor British Columbia

  38. What is“personal • information” ? • Information that can identify an individual: name, address, phone number, ID number. • Information about an identifiable individual: physical description, educational qualifications, blood type. Office of the Information & Privacy Commissionerfor British Columbia

  39. Access basics • Anyone can ask for their own personal information • Student can ask for exam questions but VIU will not disclose them • Must remove certain information • May remove other information Office of the Information & Privacy Commissionerfor British Columbia

  40. What is purpose of FIPPA? FIPPA passed in 1992 - Purposes of this Act 2 (1) The purposes of this Act are to make public bodies more accountable to the public and to protect personal privacy by (a) giving the public a right of access to records, (b) giving individuals a right of access to, and a right to request correction of, personal information about themselves, (c) specifying limited exceptions to the rights of access (d) Preventing the unauthorized collection, use or disclosure of personal information by public bodies, … Office of the Information & Privacy Commissionerfor British Columbia

  41. Duty to Assist Applicants Office of the Information & Privacy Commissionerfor British Columbia

  42. Access Request Basics Office of the Information & Privacy Commissionerfor British Columbia

  43. Employee Records & Investigations Office of the Information & Privacy Commissionerfor British Columbia

  44. Time Limits Office of the Information & Privacy Commissionerfor British Columbia

  45. Reasons for Extensions Office of the Information & Privacy Commissionerfor British Columbia

  46. Safeguarding basics Security Practices Retention Practices Disposal Practices Office of the Information & Privacy Commissionerfor British Columbia

  47. Custody & Control Office of the Information & Privacy Commissionerfor British Columbia

  48. Clarify Requests & Talk with Applicants Office of the Information & Privacy Commissionerfor British Columbia

  49. Fees Office of the Information & Privacy Commissionerfor British Columbia

  50. Fee Estimates Office of the Information & Privacy Commissionerfor British Columbia

More Related