Ontario launches new corporate privacy tool

Privacy is the next business imperative, and now it can be tested with a free self-assessment guide – the Privacy Diagnostic Tool (PDT), unveiled Thursday by Ontario Information and Privacy Commissioner Ann Cavoukian.

Good privacy policy is good business policy, as it fosters consumer confidence, brand recognition and customer loyalty, said Cavoukian, speaking to executives and media during a press conference at the University of Toronto.

“There is no more business as usual. The PDT is a self-administered diagnostic tool that provides a snapshot of an organization’s privacy posture and creates a roadmap of what it needs to do to meet international privacy standards. Privacy is an ongoing and dynamic process,” Cavoukian said.

Jointly developed by the Information and Privacy Commission of Ontario and security and privacy experts from Toronto-based firms PricewaterhouseCoopers and Guardent, the PDT helps companies to assess personal information management policies and allows consumers to investigate the privacy policies of prospective businesses. Personal information includes name, address, gender, age, income, medical files and transactional or behavioral information.

“The PDT is more about best practice rather than basic compliance,” added Michael Deck, privacy director for PricewaterhouseCoopers Global Risk Management Services.

In 2000, online sales accounted for only 0.4 per cent of Canadian business revenue, Cavoukian noted. Consumer mistrust of online security is growing and any company that collects or discloses personal information should consider using the PDT, Cavoukian said.

“Privacy is needed for e-commerce to thrive – restrictions must be placed on the ability to share consumer information without consent,” she added.

The PDT will allow Canadian businesses to examine and strengthen their privacy policies, said Peter Cullen, corporate privacy officer for Royal Bank Financial Group in Toronto.

“The tool addresses customer concerns while still allowing businesses to grow,” Cullen said.

The PDT addresses 10 principles based on internationally recognized fair information practices such as accountability, consent, security safeguards, and individual access. Each principle relates to a series of questions to which users (based on current practices) answer yes or no. The self-assessment guide then notes the risks involved with non-compliance and alerts users to the best practices associated with each principle.

However, Cavoukian said the PDT is not compliant with current or pending privacy legislation and is not designed to provide a detailed privacy audit.

“The PDT should be considered a gauge of privacy readiness and should complement current business privacy policies. Completing the PDT is a first step for compliance with most privacy statutes,” she said.

The free download of PDT is at http://www.ipc.on.ca. Guardent is at http://www.guardent.com. PricewaterhouseCoopers is at http://www.pwcglobal.com/ca.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now