Information and Privacy Commissioner of Alberta
Information and Privacy Commissioner for British Columbia
Federal and provincial Privacy Commissioners launch new online self-
assessment questionnaire to help organizations better protect personal
information, in keeping with private-sector privacy laws.
The federal, Alberta and British Columbia Privacy Commissioners launched a new online tool today that will help businesses
better safeguard the personal information of customers and employees.
The new Securing Personal Information: A Self-Assessment Tool for Organizations is a detailed online questionnaire and analysis tool that helps organizations gauge how well they are protecting personal information, in keeping with the applicable private-sector privacy law.
In Canada, commercial activities are subject to privacy legislation. The federal law, the Personal Information Protection and Electronic Documents Act (PIPEDA), applies to commercial activities in all provinces, except those that have enacted substantially similar legislation. British Columbia, Alberta and Quebec all have their own privacy legislation covering the private sector or commercial activities. Ontario has legislation which covers health information custodians, and is also considered substantially similar.
Under all of these laws, organizations that collect or hold personal information must take the necessary steps to protect it from unauthorized access, collection, use, disclosure, copying, modification, disposal and destruction.
"In a commercial transaction, clients and customers entrust their personal information to businesses," noted Jennifer Stoddart, Privacy Commissioner of Canada. "They expect the organization to keep that personal information safe, and to treat it with care and respect. This new tool will help organizations meet those expectations."
Developed jointly by the federal, Alberta and British Columbia privacy commissioners' offices, the tool can be used by any private-sector organization, particularly small and medium-sized businesses.
The tool is comprehensive and detailed, but also offers users the flexibility of focusing on areas most relevant to their own enterprise. The self-assessment and analysis process results in a framework that organizations can use to systematically evaluate and improve their data-security practices.
"Cleaning up after a data breach can be very costly for business," warns B.C. Privacy Commissioner Elizabeth Denham. "In addition to the time and energy that needs to be diverted in order to mitigate the damage, a breach can also harm an organization's reputation, and that can be much costlier than investing in better information-security practices in the first place."
Alberta's Privacy Commissioner Frank Work agreed. "It's well worthwhile for an organization to take the time to work through the questions in this important new tool. By highlighting any gaps in a company's information-security processes, the tool helps to reduce risk and bring peace of mind."
The Securing Personal Information Self-Assessment Tool is available via the commissioners' websites: www.priv.gc.ca;www.oipc.ab.ca;