The Ontario Information and Privacy Commissioner is calling on organizations to make privacy a part of their corporate culture. Dr. Ann Cavoukian, says it is not enough for organizations to have a privacy policy in place – they must take steps on an ongoing basis to make sure it is reflected in every aspect of their operations.
This recommendation comes with the release of a new how-to guide on putting privacy policies into practice. The guide entitled, A Policy is Not Enough: It Must be Reflected in Concrete Practices provides a 7-step action plan on how to effectively execute an appropriate privacy policy and embed it in the concrete practices of an organization.
As stated in their press release, the importance of this issue was highlighted recently when Elections Ontario lost two USB keys containing the unencrypted personal information of as many as 2.4 million voters. In her investigation, Commissioner Cavoukian found the agency’s failure to systematically address privacy and security issues was at the root of the problems.
Commissioner Cavoukian said,…
For more, read my latest post on Slaw.
- First Reference annual holiday donation, season’s greetings and holiday break - December 24, 2021
- Ontario extends the COVID-19 period and paid IDEL period - December 8, 2021
- Impact of September 30th federal holiday - September 14, 2021
For readers who are interested on IT risk management programs related to the implementation of a privacy policy, read the following post:
http://icblog.firstreference.com/when-a-privacy-policy-is-not-enough/