Guide to LA FOIP-Chapter 6

Overview 8
The Right of Privacy 9
Privacy as a Charter Right 11
Privacy versus Confidentiality 12
The Threat of Identity Theft 13
10 Fair Information Principles 17
Accountability 19
Identifying Purposes 19
Consent 20
Limiting Collection 20
Limiting Use, Disclosure and Retention 20
Accuracy 21
Safeguards 21
Openness 22
Individual Access 22
Challenging Compliance 22
Need-to-Know Principle 23
Data Minimization Principle 24
De-identified information 25
Necessary, Effective & Proportional 31
Consent Requirements 32
Best Practice Steps for Consent Forms 36
Section 23: Definition of Personal Information 37
What is not Personal Information? 42
Subsection 23(1)(a) 45
Subsection 23(1)(b) 49
Subsection 23(1)(c) 52
Subsection 23(1)(d) 55
Subsection 23(1)(e) 57
Subsection 23(1)(f) 60
Subsection 23(1)(g) 63
Subsection 23(1)(h) 66
Subsection 23(1)(i) 68
Subsection 23(1)(j) 71
Subsection 23(1)(k) 73
Subsection 23(1)(k)(i) 74
Subsection 23(1)(k)(ii) 76
Subsection 23(1.1) 77
Subsection 23(2)(a) 80
Subsection 23(2)(b) 83
Subsection 23(2)(c) 85
Subsection 23(2)(d) 87
Subsection 23(2)(e) 90
Subsection 23(2)(f) 93
Subsection 23(3) 93
Section 23.1: Duty of local authority to protect 96
Safeguards 97
Administrative 98
Technical 103
Auditing 106
Encryption 108
Physical 111
Subsection 23.1(a) 114
Subsection 23.1(b) 116
Subsection 23.1(b)(i) 116
Subsection 23.1(b)(ii) 119
Subsection 23.1(b)(iii) 120
Subsection 23.1(c) 123
Section 23.2: Information Management Service Provider 125
Subsection 23.2(1) 126
Subsection 23.2(2) 127
Subsection 23.2(3) 130
Subsection 23.2(4) 131
Section 24: Purpose of Information 132
Over collection 135
Unsolicited Information 137
Section 25: Manner of Collection 139
Subsection 25(1): Direct Collection 139
Subsection 25(2): Inform Individual 140
Subsection 25(3): Exception to Informing 143
Section 26: Standard of Accuracy 146
Section 27: Use of Personal Information 150
Subsection 27(a) 153
Subsection 27(b) 157
“Use” Involving Contracted Third Parties 159
Subcontracting by Outsourcers 160
Section 28: Disclosure of Personal Information 161
Subsection 28(1) 164
Subsection 28(2)(a) 166
Subsection 28(2)(b) 168
Subsection 28(2)(b)(i) 169
Subsection 28(2)(b)(ii) 171
Subsection 28(2)(c) 173
Subsection 28(2)(d) 174
Subsection 28(2)(e) 175
Subsection 28(2)(f) 178
Subsection 28(2)(g) 180
Subsection 28(2)(h) 182
Subsection 28(2)(h.1) 187
Subsection 28(2)(i) 192
Subsection 28(2)(j) 196
Subsection 28(2)(k) 201
Subsection 28(2)(l) 206
Subsection 28(2)(m) 210
Subsection 28(2)(n) 212
Subsection 28(2)(n)(i) 212
Subsection 28(2)(n)(ii) 220
Subsection 28(2)(o) 221
Subsection 28(2)(p) 223
Subsection 28(2)(q) 225
Subsection 28(2)(r) 226
Subsection 28(2)(s) 229
Section 28.1: Notification 231
Privacy Breaches 234
Best Practice Steps for Breaches 236
Contain the breach 236
Notify 237
Investigate 238
Conducting Root Cause Analysis 240
Prevent 243
How IPC Investigations are Initiated 243
Process for Proactively Reported Breaches 243
Section 29: Personal information of deceased individual 245
Subsection 29(1) 245
Subsection 29(2) 247
Section 30: Access to personal information 250
Subsection 30(1) 251
Subsection 30(2) 252
Subsection 30(3) 258
Subsection 30(3)(a) 259
Subsection 30(3)(b) 263
Section 31: Right of correction 266
Subsection 31(1) 268
Subsection 31(2) 270
Subsection 31(2)(a) 272
Subsection 31(2)(b) 276
Subsection 31(2)(c) 278
Subsection 31(3) 279
Section 38: Application for review 280
Subsection 38(1)(a.4): Privacy complaints 280
Subsection 38(1)(c): Correction reviews 283
Subsection 38(2): 1 Year Deadline 284
Section 39: Review or refusal to review 284
Subsection 39(2)(a.6): Insufficient evidence 285
Validity Test 285
Privacy Impact Assessments (PIAs) 286
Records & Information Management (RIM) 290
Basic RIM Concepts 290
RIM Best Practices 292
Record Retention 303
Record Disposal 306
Best Practices for the Secure Destruction of Personal Information 308
Preserving Records 319
Focus on Issues in Privacy 321
Big Data and Predictive Analytics 321
Biometrics and Facial Recognition 324
Body Worn Cameras 325
Data Brokers 327
Personal Email Use for Business 329
Snooping 334
Surveillance 337
