The Ontario Information and Privacy Commissioner is calling on organizations to make privacy a part of their corporate culture. Dr. Ann Cavoukian, says it is not enough for organizations to have a privacy policy in place – they must take steps on an ongoing basis to make sure it is reflected in every aspect of their operations.
This recommendation comes with the release of a new how-to guide on putting privacy policies into practice. The guide entitled, A Policy is Not Enough: It Must be Reflected in Concrete Practices provides a 7-step action plan on how to effectively execute an appropriate privacy policy and embed it in the concrete practices of an organization.
As stated in their press release, the importance of this issue was highlighted recently when Elections Ontario lost two USB keys containing the unencrypted personal information of as many as 2.4 million voters. In her investigation, Commissioner Cavoukian found the agency’s failure to systematically address privacy and security issues was at the root of the problems.
Commissioner Cavoukian said,…
For more, read my latest post on Slaw.
Marie-Yosie Saint-Cyr, LL.B. Managing Editor
Latest posts by Marie-Yosie Saint-Cyr, LL.B. Managing Editor (see all)
- Limiting access to federal recovery benefits during the mandatory quarantine - January 21, 2021
- First Reference annual holiday donation, season’s greetings and holiday break - December 24, 2020
- Top 10 most-read First Reference Talks blog posts for 2020 - December 24, 2020
For readers who are interested on IT risk management programs related to the implementation of a privacy policy, read the following post:
http://icblog.firstreference.com/when-a-privacy-policy-is-not-enough/