PrivacyRight round-up: Webinars offer training, practical tactics to protect personal information

The OIPC’s PrivacyRight educational program was launched in response to a growing number of queries we received from private sector organizations about their legal obligations regarding the personal information they collect, use or disclose. We also heard from those who simply wanted to know how they can do better when it comes to handling personal information, as well as privacy-savvy members of the public eager to learn more about their rights.

Recently, we published the ninth and final installment of our series of animated PrivacyRight webinars. The webinars offer an engaging, in-depth look at the core considerations private organizations must keep in mind to comply with BC’s Personal Information Protection Act (PIPA). They’re designed to be useful as a reference for those developing or refining their own privacy programs and processes, as well as for in-house training and education.

We encourage you to take a look at all of the webinars and use them where they make sense for your organization.

Here is a rundown of PrivacyRight content– just click on the links for the webinars, as well as related guidance on each topic:

Before you can develop an effective privacy management program and communicate the importance of privacy in your organization, it’s important to understand the basics. What is personal information in the context of PIPA and why is understanding and abiding by the legislation not only your legal obligation, but simply smart business? The first PrivacyRight webinar, Webinar 1: basic obligations under PIPA, covers 10 basic privacy principles that should inform every decision you make related to the personal information your organization handles.

Next, turn those principles into practice by building a privacy management program – or refining the one you already have in place. Webinar 2, Privacy Management Programs makes it clear that while these “business plans for privacy” require careful thought at the outset, they need not be as complex as you might imagine. And, in the long run, they’re not only a legal obligation, but an investment in your business and a safeguard against potentially serious harms. A strong privacy policy is the cornerstone of any effective privacy program and Webinar 2b: How to write a privacy policy covers the “must haves” you should consider when writing one for your organization.

Before you collect, use and disclose any personal information, you must be sure you have the authority under PIPA to do so. Webinar 3, Authority to collect, use and disclose personal information, helps you make that distinction. PIPA is also a consent-based law, and that means, for the most part, organizations must obtain individuals’ consent when it comes to collecting, using or disclosing their personal information. See Webinar 4, Understanding consent and notification, for more. 

Of course, a privacy management program is only as strong as the safeguards you put in place to protect personal information. Webinar 5, Security safeguards, looks at how organizations can use everything from policies and training to physical and technological controls to protect personal information.

Protecting personal information also means controlling who has access to it. There are very few occasions when an organization can disclose or share people’s PI outside of their own organization. Webinar 6, Using and disclosing personal information, looks at the conditions that you need to meet when disclosing personal information, as well as the importance of information sharing agreements.

Under PIPA, individuals have the right to request a copy of their own personal information from an organization. Webinar 7, How to handle access requests, breaks down organizations’ legal obligations to respond to these requests, and what those responses should contain.

Despite all of the steps an organization might take to protect the personal information in its custody, privacy breaches can still happen. Dealing with them effectively and expeditiously is crucial. Webinar 8, Managing privacy breaches, helps organizations formulate a proactive breach response plan that could mitigate serious financial and reputational harm.

Finally, Webinar 9, Risk management and compliance monitoring, details the benefits of taking a risk-management approach to protecting personal information: identifying and evaluating privacy risks and working to monitor, minimize, avoid, or otherwise mitigate them. Privacy risks are inevitable for any organization that handles personal information – disaster as a result of them need not be.

More great PrivacyRight content!

What kinds of personal information are involved in your everyday transactions, and what does protecting that information look like in a real-world scenario? Our four-part PrivacyRight animated video series shows all of the concerns surrounding personal information that could arise from just going to the dentist.

The first two editions of the PrivacyRight podcast take the form of fictional investigative news reports into privacy issues that are all too real, including the privacy implications of using tech to screen potential employees as well as what the change in cannabis laws means for Canadians and their personal information, particularly when crossing the US border.

What’s next for PrivacyRight?

PrivacyRight will continue into the New Year! Stay tuned for the third PrivacyRight podcast on strata-related privacy issues, as well as a survey through which we hope to learn more about what you found most useful about the program to date and where you’d like to see it go from here.

Stay tuned to the OIPC’s PrivacyRight webpage and our social platforms (Twitter, LinkedIn) for updates.