The Ontario Information and Privacy Commissioner is calling on organizations to make privacy a part of their corporate culture. Dr. Ann Cavoukian, says it is not enough for organizations to have a privacy policy in place – they must take steps on an ongoing basis to make sure it is reflected in every aspect of their operations.
This recommendation comes with the release of a new how-to guide on putting privacy policies into practice. The guide entitled, A Policy is Not Enough: It Must be Reflected in Concrete Practices provides a 7-step action plan on how to effectively execute an appropriate privacy policy and embed it in the concrete practices of an organization.
As stated in their press release, the importance of this issue was highlighted recently when Elections Ontario lost two USB keys containing the unencrypted personal information of as many as 2.4 million voters. In her investigation, Commissioner Cavoukian found the agency’s failure to systematically address privacy and security issues was at the root of the problems.
Commissioner Cavoukian said,…
For more, read my latest post on Slaw.
- First Reference annual holiday donation, season’s greetings, and holiday break - December 22, 2023
- Top 10+ First Reference Talks blog posts for 2023 - December 22, 2023
- A new version of form T3010 is coming in January 2024 - November 24, 2023
Ron says
For readers who are interested on IT risk management programs related to the implementation of a privacy policy, read the following post:
http://icblog.firstreference.com/when-a-privacy-policy-is-not-enough/