
Session 7 - Privacy

Personal Information Protection and Electronic Documents Act

• Governs the collection, use and disclosure of personal information in a manner that balances the right of privacy of all individuals

• Requires each organization to designate a responsible officer

Personal Information

• Information about a person that originates from the person, e.g., a social insurance number given to an employer, or the person's age.

• Does not include business information generated for a person, e.g., salary within the employer’s possession or grade within the school’s possession.

PIPEDA Principles

• Accountability – needs a chief privacy officer

• Identifying purpose

• Consent

• Limiting collection

PIPEDA Principles

• Limiting use, retention and disclosure.

• Accuracy

• Safeguards

• Openness

PIPEDA Principles

• Individual access

• Challenge

Technology Impact on Privacy

• Increasing computing power enables organizations to hold and analyze more data, thereby potentially violating privacy legislation.

• Increasing use of tracking devices, such as radio frequency IDs (RFID), may violate privacy.

Addressing Technology Impact on Privacy

• Reviewing data stores to assess whether the amount and length of personal information retention is excessive.

• Reviewing data mining applications for privacy violations.

• Restricting the use of tracking devices within the organization.

But information about individuals acting in their business or professional capacity is NOT personal information (e.g., your name, position and records about routine work matters do not usually constitute your personal information).

To collect Personal Information, organizations must:

• Have legal authority to collect
• Collect directly from an individual
• Provide notice of collection

Collection of Personal Information must be directly from the person, unless one of the following exemptions applies:

• Individual consents to indirect collection
• The information is collected for determining suitability for an honour or award
• Information collected for law enforcement
• Indirect collection authorized by statute
• Limited other circumstances

Notice of Collection

A notice to the individual whose Personal Information is being collected.

A Notice of Collection must include:
• legal authority for the collection
• principal purpose(s) for which their personal information is intended to be used
• title, business address and telephone of a public official for questions

Remember, when drafting a notice:
• consider possible future uses and disclosures
• build in consistent purposes

Consistent Purpose

• Relates to use and disclosure of personal information

• Consistent purpose: the individual might reasonably have expected the use or disclosure at the time that the information was collected

– Consistent purpose depends on the collection notice and what (reasonable) expectations it creates.


Personal Information can be used:

• with consent

• for original or consistent purposes

• for other limited purposes

Personal Information may only be disclosed:

• in accordance with a Freedom of Information (FOI) request
• with consent
• for original or consistent purpose
• on a need-to-know basis, by officers or employees in the course of their duties
• in compliance with legislation or an agreement
• to other law enforcement agencies
• to aid an investigation (i.e., a law enforcement proceeding)
• under compelling circumstances such as health/safety
• in compassionate circumstances
• by a member of the legislative assembly
• ...others


We must…

• Maintain Personal Information for at least a year after last use, unless the individual consents to earlier disposal

• Take reasonable steps to not use PI unless it is accurate and up to date

• Dispose of PI according to regulation

Privacy is the requirement; Security enables Privacy

• Security covers data protection, integrity, confidentiality, availability and identity authentication: the safeguards that prevent unauthorized access to personal information – "lock and key" issues

• Privacy involves the individual’s ability, within reasonable limits, to control his/her own information and how it will be used – legal rights issues

The Levels of Sensitivity

1. HIGH
2. MEDIUM
3. LOW

Determining Sensitivity Level

The level of sensitivity of information is based on:

– the level of the business requirements for confidentiality, integrity and availability of the information

as a consideration of

– the harm and injury that may be caused by the unauthorized access or release of the information

The sensitivity level determines the appropriate safeguards required to protect the information.

Requirement for Confidentiality, Integrity and Availability

Confidentiality is required when...
• Information must be protected from unauthorized disclosure
– consider the consequences of unauthorized disclosure, e.g., business losses, embarrassment to government, or personal damage

Integrity is required when...
• Information must be protected from unauthorized alteration or destruction, whether accidental or deliberate
– consider the severity of the damage due to faulty information, e.g., consequences could be anything from financial damages to loss of life

Availability is required when...
• Information must be available when required
– consider the impact of service disruption, e.g., on business criticality or customer confidence, lost productivity or revenue

How to Classify Information

High Sensitivity Classification
• Extremely sensitive information
• Intended for use by named individuals or positions only
• Restricted to specific employees only
• Information that, if disclosed without authorization,
– could reasonably be expected to cause extremely serious personal or enterprise injury, significant financial loss (100’s K and up), loss of life or public safety, social hardship and major political or economic impact

Examples:
– All personal information
– Witness Protection records, Young Offender records
– Cabinet documents, deliberations and supporting documents
– Identity documents, e.g., birth, death, adoption, OHIP, Drivers
– Personal medical records
– Documents that could aid a terrorist attack

How to Classify Information

Medium Sensitivity Classification
• Information sensitive within the OPS
• Intended for use by specified groups of employees
• Restricted to specific groups of employees only
• Information that, if disclosed without authorization,
– could reasonably be expected to cause serious personal or enterprise injury, loss of competitive advantage, loss of confidence in the government program, moderate financial loss (10’s K$ and up), damage to partnerships, relationships and reputation

Examples:
– personal case files, e.g., employee or citizen files
– third party business information
– legal or policy advice
– industrial trade secrets

How to Classify Information

Low Sensitivity Classification
• Information generally available to employees and approved non-employees (e.g., consultant or vendor)
• Information that, if disclosed without authorization,
– could reasonably be expected to cause injury to persons or enterprises that would result in minor financial loss, embarrassment and/or inconvenience.

Examples:
– ordinary staff meeting agendas and minutes
– communications to claims clerks
– simple escalation procedures

Low sensitivity information does not require any labelling or ADDITIONAL safeguards.

Unclassified Information (a.k.a. everything else)

• Information that does not fall into any of the three sensitivity levels is considered “Unclassified”

• Unclassified information will not result in any injury to individuals, governments or to private sector institutions.

• Unclassified information does not require any labelling or ADDITIONAL safeguards.

Examples:
– speeches that have been delivered
– public forms and applications
– news releases
– information posted on the government Internet website


Classifying the information

Only the Owner may classify their information or change the classification of their information.

The Owner may delegate classification responsibilities.


Safeguards

Safeguards can be physical, technical and/or administrative.

Safeguards must be considered when sensitive information is being created, accessed, stored, transmitted, distributed and destroyed.

The primary safeguard for sensitive information is labelling.

Labelling Options

Once the information has been classified it has to be labelled. There are many easy-to-use options available to you for labelling your information, such as:

• Setting a header format
• Creating a macro
• Applying a watermark
• Using an ink stamp
• Printing self-adhesive labels

Please refer to examples in your manual and the Best Practices document on the Security website.

Labelling High & Medium Sensitivity Information

All high and medium sensitivity information must be labelled; low sensitivity and unclassified information do not require labelling or any additional safeguards.

Steps for Labelling

1. Ensure you are the owner of the information – if not, contact the owner immediately for further instructions.
2. Label all pages.
3. Label clearly.
4. For high sensitivity information, label all notes, drafts and photocopies.
5. Put the label in the top right corner or centre of the page (not over existing printing).
6. Label all forms of information media (e.g., diskettes, CDs, microfiche/microfilm, tapes, videos and paper documents).


Distributing High & Medium Sensitivity Information

• Only the owner or a delegate may copy or distribute sensitive information

• Distribute to named individuals or positions only

• Number copies to control how many are distributed

• Maintain a distribution list

• Mark each page “not to be copied or distributed without written consent of the Owner”

• Inform receiver information is not for distribution

High Sensitivity

• Transmit encrypted and digitally signed.

Faxing Sensitive Information

Medium sensitivity
• Use a fax machine located in a secure, supervised area
• Confirm the receipt of the faxed document
• Maintain transmission and receipt records

High sensitivity
• Use end-to-end encryption and a fax machine located in a secure, supervised area
• Retrieve fax copies immediately

Safeguards

Emailing Sensitive Information

High Sensitivity
• Use encryption and digital signature
• Keep a record of transmission/receipt of email (folders file – sent file)
• Don’t forward sensitive e-mails to web-based email accounts or to Blackberry, text messaging cell phones, etc.

Safeguards

Laptops and Mobile Computing Devices

High or Medium sensitivity information

Program managers or delegates must install the OPS encryption technology
– Encrypt only the directories containing sensitive information
– Do not encrypt applications or the operating system

Ensure access is password protected
– Do not keep a record of the password with the laptop
– Encrypt sensitive information on all mobile media (i.e., CDs, diskettes, videos, etc.)
– If lost, report to your manager, the Help Desk and the Cluster Security Officer immediately

Safeguards

Removing High & Medium Sensitivity Information from the Office

• Get authorization in writing from the Program Manager
• Keep a simple record
– date and time removed
– who removed it
– date and time returned

Don’t leave information or laptops unattended at any time in:
• Boardrooms
• Meeting rooms
• Washrooms
• Cars or public transit

Safeguards

Physical Storage of High and Medium Sensitivity Information

High sensitivity
• Store in locked, fire-resistant containers in a secure location

Medium sensitivity
• Store in locked containers in a secure location

• Ensure access is by authorized employees only
• Keep desktop and work area clear of all sensitive material when away
• Review the Clean Desk Policy
• Control visitor access
• Escort visitors to and from the door
• Restrict use of the boardroom by outside branches or entities

Safeguards

Electronic Storage of High & Medium Sensitivity Information

High sensitivity
– Must store in encrypted form
– Must test backup copies periodically to ensure recoverability

Medium sensitivity
– Must store under access control lists
– Must use passwords in transmission

Both High and Medium
• Use the lock workstation feature (Ctrl/Alt/Delete)
• Set the screensaver to activate automatically when the computer is not in use for a prescribed length of time
• Use a screensaver password to re-enter the session
• Log off the computer nightly or when away for extended periods of time
• Enable auditing functions on servers and hard drives

Safeguards

Disposal of High & Medium Sensitivity Information

Physical Media:

• Shred paper documents using cross-cut shredders
• Break or shred CDs and DVDs
• Use magnetic erasers (degaussers) for diskettes or tapes (don’t simply delete information and throw away)
• Know your retention schedules
• Ensure an authorized ministry employee supervises removal and destruction of docs
• Keep a simple control log or records retention schedule log
• Ensure that the log reflects the date the information was destroyed

Safeguards

Disposal of High & Medium Sensitivity Information

Contact the CSO to ensure the following mandatory tasks are performed:

Electronic Media:

• Mandatory wiping of hard drives on leased equipment for ALL sensitivity levels
• Overwrite file space by an approved method
• Remove all directory entries
• Delete backup files