AGENDA - Centre for Applied Cryptographic Research


Public Sector Case Studies: THE ESTABLISHMENT OF A PRIVACY OFFICE

AGENDA
Introduction to the ONTARIO WORKPLACE SAFETY & INSURANCE BOARD (WSIB)
Evolution of the WSIB PRIVACY OFFICE
Building a corporate PRIVACY INFRASTRUCTURE

The Workplace Safety and Insurance Board: An Overview
The Workplace Safety and Insurance Board (WSIB) began as the Workmen's Compensation Board in 1915 through an Act of the Ontario Legislature.
The system of no-fault collective liability provides fair compensation for injured workers and their families, while spreading individual costs among employers.
Today, the WSIB administers some 340,000 claims with a staff of 4,293 located throughout Ontario.
A total of 201,272 Ontario employers are covered by the WSIB.

ENABLING LEGISLATION
WORKPLACE SAFETY and INSURANCE ACT (WSIA)
Provides for legislative authority for the collection, use, retention and disclosure of information.
FREEDOM OF INFORMATION and PROTECTION OF PRIVACY ACT (FIPPA)
Provides the right of access to information under the control of institutions.
Protects the privacy of individuals with respect to personal information about themselves held by institutions and provides individuals with a right of access to that information.

CHANGE DRIVERS
WCB WSIB (1998)
VISION: THE ELIMINATION OF ALL WORKPLACE INJURIES and ILLNESSES
WSIB now oversees Ontario's system of workplace safety education and training
Greater support of research efforts in the study of occupational disease and workplace safety
Emphasis on early and safe return to work
New technologies implemented
Increased outsourcing of business processes

[Diagram labels: Alternate Service Providers; LMR Service Providers; Pharmacies; WSIB Employees Working Outside the Office; WSIB Contracted Specialty Clinics; Health Professionals; Employers; Hospitals; Researchers; Safe Workplace Associations (SWAS); APPLICATION SYSTEMS, TELEPHONE, FAX, MAIL, EMAIL, INTERNET]

MAKING THE CASE FOR A PRIVACY OFFICE
January 1, 2002
Program Privacy Group
Developed the capacity to implement Privacy Impact Assessments
Completed PIAs for key strategic projects
Educated project teams through privacy presentations
BUILT PRIVACY AWARENESS WITH SENIOR MANAGEMENT

DASHBOARD VIEW OF PRIVACY COMPLIANCE
ACCOUNTABILITY: SAMPLE
IDENTIFYING PURPOSES: SAMPLE
CONSENT: SAMPLE
LIMITING COLLECTION: SAMPLE
LIMITING USE, DISCLOSURE & RETENTION: SAMPLE
ACCURACY: SAMPLE
SAFEGUARDS: SAMPLE
OPENNESS: SAMPLE
INDIVIDUAL ACCESS: SAMPLE
CHALLENGING COMPLIANCE: SAMPLE

ACCOUNTABILITY
Requirement* (status columns: In Place, In Progress, Not in Place; each marked with a Color Code)
1. You assign accountability for compliance with these principles to a specific person or group of people in your company.
2. You make available the identity and contact information of the person or group of people in your organization who are accountable for compliance with established privacy principles.
3. You develop and then implement specific privacy policies and procedures.
*Source: Information and Privacy Commissioner/Ontario (IPC) - Privacy Diagnostic Tool

PRIVACY IS ON THE CORPORATE MAP
July 1, 2002
WSIB PRIVACY OFFICE
Legal Services Division
Integrated FOI Program
Full service ACCESS and PRIVACY OFFICE
Multidisciplined team: FOI Co-ordinator, business specialists, security architect, project management experience

TEAMWORK
NEVER DOUBT THAT A SMALL GROUP OF THOUGHTFUL, COMMITTED PEOPLE CAN CHANGE THE WORLD. INDEED, IT IS THE ONLY THING THAT EVER HAS.

PRIVACY OFFICE RELATIONSHIPS
[Diagram labels: BUSINESS; LEGAL SERVICES; PRIVACY OFFICE; SECURITY ARCHITECTURE; CONTRACTED SERVICE PROVIDERS; RESEARCHERS]

CORPORATE PRIVACY FRAMEWORK
[Diagram labels: WSIB Privacy Design Principles; Security Policies; Operational Confidentiality Policies; Education & Awareness; Risk Assessments & Risk Mgmt; FIPPA ACCESS Requests; Research requests; Governance; FOI PROGRAM; Privacy Impact Assessments; Privacy Diagnostic Tool; Privacy Audits/Reviews; Internal Portal; Desktop Tools; Training Programs; Presentations]

WSIB PRIVACY DESIGN PRINCIPLES
Compliance with the Privacy Design Principles is mandatory (FIPPA) for all project staff and consultants.
Purpose:
Help staff and consultants doing projects understand and meet the WSIB's privacy obligations with respect to the design and implementation of any type of WSIB project.
Enhance WSIB privacy compliance by ensuring legislated privacy requirements are met from project concept to business integration upon completion of the project.

Applying the PRIVACY Concept to a Project: WSIB Project & Program Privacy Design Principles
[Diagram labels: Project Initiation; Terms of Reference; Initial Privacy Security Screening Assessment (1st step in identifying privacy requirements); Business Case]

PRIVACY Review Process
Initial Privacy Screening Assessment: a questionnaire to determine if there are possible privacy implications requiring a more detailed privacy review of the project. To be completed at the conceptual phase of a project.
Is there personal information (as defined by FIPPA) collected, used, disclosed and retained?
Who collects it?
How is it collected?
Where does it go? (i.e., does it cross Ontario/Canadian borders?)
How is it transmitted to external parties? (e-mail, fax)
Will the data be retained? If so, for how long?
Who will have access to the information?
What is the legislative authority for the collection, use and disclosure of personal information?

PRIVACY Impact Assessments
What is a PIA?
A PIA is a process that measures both legislative compliance (i.e., FIPPA, WSIA) and considers the broader privacy implications of a given proposal.
Purpose
The function of a PIA is to ensure that privacy risks associated with a given proposal are properly identified and addressed wherever possible, and that decision makers have been informed of these risks and the options available to mitigate them.

The PIA in the PROJECT LIFE CYCLE
CONCEPT and PLANNING
Project Definition
Initial PIA
Conceptual Design
Privacy & Security Requirements
DETAILED DESIGN & IMPLEMENTATION
Interim PIAs
POST IMPLEMENTATION
Final PIA

The PIA in the PROJECT LIFE CYCLE
The Privacy Impact Assessment Process provides for:
More detailed definition of privacy requirements
Integration of privacy requirements into project
Assurance reporting to project and business management

POSITIONING & COMMUNICATION PRIVACY
PRIVACY IS NOT JUST ABOUT COMPLYING WITH LEGISLATION
PRIVACY IS ABOUT:
BUILDING TRUSTED RELATIONSHIPS
GOOD BUSINESS PRACTICE

QUESTIONS/COMMENTS?

SPEAKER CONTACT INFORMATION
Laurisa Tkachenko
Director, Privacy Office
Workplace Safety & Insurance Board
200 Front Street West, 20th floor
Tel: (416) 344-3685
email: [email protected]
