Privacy policies need more than words: Cavoukian

Corporate privacy policies are more than words on paper or a Web site, says Ontario’s privacy commissioner – they have to be actively worked on, supported and communicated.

“Privacy policies alone, without a proper strategy for implementation and ongoing compliance procedures, will not protect an organization from privacy risks,” Ann Cavoukian said Wednesday as she released a how-to privacy guide for the private sector and governments.

“The seven recommendations presented in this paper will provide organizations with concrete guidance on how to effectively execute an appropriate privacy policy, and have it reflected in actual practice,” she said in a statement.

The 17-page document builds on Cavoukian’s internationally respected Privacy by Design framework.

The importance of following up on privacy policies was highlighted in July when Elections Ontario publicly confessed that two temporary staff had lost track of two data sticks containing unencrypted personal information on as many as 2.4 million voters.

The department had policies to protect the data, but they weren’t followed.

The seven steps are:

–After conducting a privacy impact assessment, implement a policy that reflects your organization’s privacy needs and risks;

–Link each requirement to a concrete actionable item;

–Show how each practice will be implemented;

–Create privacy education and awareness training;

–Designate a central person to answer questions;

–Verify policies and procedures are being followed;

–Have a policy ready in case there’s a privacy breach.


