VIU Workshop: Creating a Culture of Privacy Awareness
June 12, 2013
By Justin Hodkinson
OIPC Policy Analyst/Investigator
Office of the Information & Privacy Commissioner
for British Columbia
Protecting privacy. Promoting transparency.
Agenda
Protection of Privacy 60 minutes
Privacy Quiz 5 minutes
Coffee/Tea Break 10 minutes
FIPPA Basics 25 minutes
Question Period 20 minutes
Exam 20 minutes
VIU Privacy Policies
Arriving Soon!
Privacy Breaches
Not a question of IF, but a question of WHEN & HOW BIG
Common Privacy Breaches
• Stolen laptops or local hard drives
• Lost or stolen documents
  • Blowing out of garbage trucks
  • Lost, stolen or misplaced recycling bins
  • Files on car roofs
• Inappropriate or unauthorized behaviour
  • Browsing database
  • Blogs
• Inadvertent disclosures
  • Mailing system errors
  • Faxing errors
Protecting PI Outside of Campus
F12-02
U of Vic Investigation Report
Importance of a Privacy Management Framework & Encryption
Social Media Background Checks
Issues with Social Media Background Checks
• Accuracy
• Collecting irrelevant or too much information
• Overreliance on consent
• Third party information
Before you check… remember
Personal information you collect is subject to FIPPA
Consider less intrusive ways to meet your purpose
Assess the risks
Ensure you have authority to collect
Develop policies and procedures to address risks
Be prepared to respond to requests for access, correction or for withdrawal of consent
… don’t
x Wait until after you check to assess the risks
x Assume you are only collecting information about one person
x Assume that the information will be accurate
x Use a personal account to perform the check
x Ask a 3rd party to do the check
x Think the person will not find out
What should you ask your prospective cloud provider?
Privacy Emergency Kit
• What data can VIU share during an emergency?
VIU Alumni Association’s Use of PI
Sharing PI between VIU Departments
PIAs & Self-Generated Research
S. 35 of FIPPA Research Agreements
Sharing Students’ Email Addresses
Privacy Quiz Time!
Presented by: Justin Hodkinson, Investigator
1. What does P.I.A. really mean?
2. Where can you store personal information?
5. Speed Round
The Dean of the Business Department approaches you, the Registrar, & asks for a student’s home address. The Dean explains that she has reason to believe that the student is about to commit suicide & she wants to warn the student’s older sister, who still lives with their parents.
How would you respond to this request for student information?
More Information
Video Surveillance: http://www.oipc.bc.ca/news/rlsgen/Video_Surveillance_Guidelines(March2008).pdf
Social Media Background checks: http://www.oipc.bc.ca/pdfs/private/Guidelines-SocialMediaBackgroundChecks.pdf
Cloud Computing: http://www.oipc.bc.ca/pdfs/private/Cloud_computing_for_SMEs_guidance_document.pdf
10 Principles for Privacy Compliance
Be accountable
Identify the purpose
Obtain consent
Limit collection, use, disclosure
Limit retention
Be accurate
Use appropriate safeguards
Be open
Give access
Challenging compliance
About the OIPC…
• Independent office of the Legislature
• Oversees privacy and access issues in the public (FIPPA) and private sector (PIPA)
• Power to investigate, mediate & adjudicate
• Guidelines, public education & reports
What is “personal information”?
Information that can identify an individual: name, address, phone number, ID number.
Information about an identifiable individual: physical description, educational qualifications, blood type.
Access basics
• Anyone can ask for their own personal information
• Student can ask for exam questions but VIU will not disclose them
• Must remove certain information
• May remove other information
What is the purpose of FIPPA?
FIPPA passed in 1992
Purposes of this Act
2 (1) The purposes of this Act are to make public bodies more accountable to the public and to protect personal privacy by
(a) giving the public a right of access to records,
(b) giving individuals a right of access to, and a right to request correction of, personal information about themselves,
(c) specifying limited exceptions to the rights of access,
(d) preventing the unauthorized collection, use or disclosure of personal information by public bodies, …
Employee Records & Investigations
Safeguarding basics
Security Practices
Retention Practices
Disposal Practices
Clarify Requests & Talk with Applicants
Thank you
Office of the Information and Privacy Commissioner for British Columbia
Telephone: (250) 387-5629 (general)
(250) 387-0035 (my direct line)
Toll-free access: call Enquiry BC at one of the numbers listed below and request a transfer to (250) 387-5629:
Vancouver: (604) 660-2421
Elsewhere in BC: (800) 663-7867
Email: [email protected] or [email protected]: (250) 387-1696