One of the privacy principles in our laws is the accountability principle. It has two components: one being external and the other being internal.
External accountability means that when you use third parties to process your personal information, you cannot pass off your responsibilities. You must continue to protect that personal information and ensure it is only processed for the legitimate and identified purpose.
Internal accountability means you have to appoint someone to ensure compliance with privacy laws. This person must be adequately trained and resourced to do their job. And, if your organization is a data-driven organization (whose isn’t these days?), then the internal accountability principle also means you must develop a privacy management program commensurate with the nature, amount and sensitivity of the information you’re processing.
One of the stalwart features of any privacy management program is training and awareness.
And, this is what I was doing this week — pandemic be damned, it’s not going to stop my clients from making sure they’re doing their best.
In one of the training sessions, with Pelmorex Corp. (The Weather Network/MeteoMedia), we took just over an hour for a privacy refresher course. We also looked at what might be coming down the pike in Canada — namely, Bill C-11. Despite the challenges of having about 50 people on a video call, we managed to have a good discussion, and I’m quite certain that privacy awareness has risen as a result.
Speaking of Bill C-11, there’s a pretty lengthy criticism of the proposed new privacy law in the Financial Post. It’s penned by Jim Balsillie, and we summarize it below. He basically says the law doesn’t go far enough to curtail unethical data practices, and he’d like to see privacy elevated to human rights status. I suspect Commissioner Therrien might agree with some of what he said. On the other hand, others feel it strikes a balance, considering private sector privacy in Canada has historically flowed from Trade and Commerce powers. Let’s make sure we don’t argue so much— on this not unimportant point, that we don’t get a better law soon.
In any event, there’s a bit more to catch up on this week, so pour that coffee and take a few moments to read these stories and stay informed. That, too, is part of being an accountable privacy pro!