The Ontario Information and Privacy Commissioner is calling on organizations to make privacy a part of their corporate culture. Dr. Ann Cavoukian, says it is not enough for organizations to have a privacy policy in place – they must take steps on an ongoing basis to make sure it is reflected in every aspect of their operations.
This recommendation comes with the release of a new how-to guide on putting privacy policies into practice. The guide entitled, A Policy is Not Enough: It Must be Reflected in Concrete Practices provides a 7-step action plan on how to effectively execute an appropriate privacy policy and embed it in the concrete practices of an organization.
As stated in their press release, the importance of this issue was highlighted recently when Elections Ontario lost two USB keys containing the unencrypted personal information of as many as 2.4 million voters. In her investigation, Commissioner Cavoukian found the agency’s failure to systematically address privacy and security issues was at the root of the problems.
Commissioner Cavoukian said,…
For more, read my latest post on Slaw.
Yosie Saint-Cyr, LL.B. Managing Editor
Latest posts by Yosie Saint-Cyr, LL.B. Managing Editor (see all)
- Facebook to pay for false or misleading advertising to the public - June 1, 2020
- Face covering guidelines across Canada - May 27, 2020
- Amid COVID-19, take time on April 28 to mark Day of Mourning - April 24, 2020
For readers who are interested on IT risk management programs related to the implementation of a privacy policy, read the following post:
http://icblog.firstreference.com/when-a-privacy-policy-is-not-enough/