The Ontario Information and Privacy Commissioner is calling on organizations to make privacy a part of their corporate culture. Dr. Ann Cavoukian, says it is not enough for organizations to have a privacy policy in place – they must take steps on an ongoing basis to make sure it is reflected in every aspect of their operations.
This recommendation comes with the release of a new how-to guide on putting privacy policies into practice. The guide entitled, A Policy is Not Enough: It Must be Reflected in Concrete Practices provides a 7-step action plan on how to effectively execute an appropriate privacy policy and embed it in the concrete practices of an organization.
As stated in their press release, the importance of this issue was highlighted recently when Elections Ontario lost two USB keys containing the unencrypted personal information of as many as 2.4 million voters. In her investigation, Commissioner Cavoukian found the agency’s failure to systematically address privacy and security issues was at the root of the problems.
Commissioner Cavoukian said,…
For more, read my latest post on Slaw.
Marie-Yosie Saint-Cyr, LL.B. Managing Editor
Latest posts by Marie-Yosie Saint-Cyr, LL.B. Managing Editor (see all)
- Impact of September 30th federal holiday - September 14, 2021
- National Day of Mourning virtual commemoration - April 28, 2021
- Good Friday, Easter and Passover in 2021 - April 1, 2021
For readers who are interested on IT risk management programs related to the implementation of a privacy policy, read the following post:
http://icblog.firstreference.com/when-a-privacy-policy-is-not-enough/