Ontario issues new privacy help kit

Privacy is the next big business imperative, and now it can be tested with a free self-assessment guide – the Privacy Diagnostic Tool (PDT), unveiled recently by Ontario Information and Privacy Commissioner Ann Cavoukian.

Good privacy policy is good business policy, as it fosters consumer confidence, brand recognition and customer loyalty, said Cavoukian, speaking to executives and media during a press conference at the University of Toronto.

“There is no more business as usual. The PDT is a self-administered diagnostic tool that provides a snapshot of an organization’s privacy posture and creates a roadmap of what it needs to do to meet international privacy standards. Privacy is an ongoing and dynamic process,” Cavoukian said.

The PDT addresses 10 principles based on internationally recognized fair information practices such as accountability, consent, security safeguards, and individual access. Each principle relates to a series of questions to which users (based on current practices) answer yes or no. The self-assessment guide then notes the risks involved with non-compliance and alerts users to the best practices associated with each principle.

Jointly developed by the Information and Privacy Commission of Ontario and security and privacy experts from Toronto-based firms PricewaterhouseCoopers and Guardent, the PDT helps companies to assess personal information management policies and allows consumers to investigate the privacy policies of prospective businesses. Personal information includes name, address, gender, age, income, medical files and transactional or behavioural information.

“The PDT is more about best practice rather than basic compliance,” said Michael Deck, privacy director for Price-waterhouseCoopers Global Risk Management Services.

In 2000, online sales accounted for only 0.4 per cent of Canadian business revenue, Cavoukian noted. Consumer mistrust of online security is growing and any company that collects or discloses personal information should consider using the PDT, Cavoukian said.

The PDT will allow Canadian businesses to examine and strengthen their privacy policies, said Peter Cullen, corporate privacy officer for Royal Bank Financial Group in Toronto.

However, Cavoukian said the tool is not compliant with current or pending privacy legislation and is not designed to provide a detailed privacy audit.

“The PDT should be considered a gauge of privacy readiness and should complement current business privacy policies. Completing the PDT is a first step for compliance with most privacy statutes,” she said.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now