Introducing
Your new presentation assistant.
Refine, enhance, and tailor your content, source relevant images, and edit visuals quicker than ever before.
Trending searches
The Road to Good Privacy Practices
29
The Road to Good Privacy Practices
What is our obligation?
Our Obligation
As a business, we are required by law to do everything in our power to protect our clients' personal information.
To help prevent privacy breaches, we use safeguards
What is personal information?
Personal Information
Name
Phone number
Address
Account information
Passwords
Payment information
System information
Privacy Breaches
Breaches
A privacy breach is any instance that client information has either been shared outside the organization, or has had the opportunity to be shared outside the organization.
Examples:
Leaving client information on your desk overnight (the cleaning staff could see it).
Throwing a quote in the recycling bin.
Writing payment information on a Post-It note.
Recording Breaches
Recording Breaches
There is no blame in privacy!
All breaches, no matter how minor, must be reported to the Privacy Committee as required by law. There will be no repercussions for reporting a breach, and all information will be kept confidential.
The Privacy Committee will evaluate the breach and record it in the Breach Log, which we are required to maintain for 2 years. Breaches deemed 'serious' will be reported to the Privacy Commissioner of Canada, as required by law.
Our primary goal is to maintain an accurate breach log from which we can develop new safeguards to prevent future breaches.
Safeguards
Safeguards
Safeguards are procedures, policies, and best practices we put into place to help prevent privacy breaches.
Examples:
A clean desk policy to ensure all information is secure.
Shredding sensitive documents immediately.
Only accepting payment info through designated channels (encryption).
Examples
Examples
Equifax, 2017
Personal information (including Social Security Numbers, birth dates, addresses, and in some cases drivers' license numbers) of 143 million consumers; 209,000 consumers also had their credit card data exposed [...] an application vulnerability on one of their websites led to a data breach.
TJX Companies, Inc., 2006
94 million credit cards exposed. There are conflicting accounts about how this happened. One supposes that a group of hackers took advantage of a weak data encryption system and stole credit card data during a wireless transfer between two Marshall's stores in Miami, Fla. The other has them breaking into the TJX network through in-store kiosks that allowed people to apply for jobs electronically.
Source: Taylor Armerding, csoonline.com, 2018
Our Policy
Our Privacy Policy will be emailed to each employee, as well as added to the website.
The whole team will be given access to the breach recording form.
Remember, the goal is to reduce privacy breaches, so there will be no repercussions for recording breaches, and the information will be treated confidentially.