BC OIPC provides instruction to delete a user account and DNA on 23andMe

Alberta, update to access and privacy legislation, passed in December and in force this spring

Federal Privacy Commissioner launches new online privacy breach risk self-assessment tool

Law Society – Bite Size video – cloud computing guide

Ontario IPC commissions report on workplace surveillance technologies

Australian IPC releases new Privacy Basics e-Learning module

Watch Law Society video-Cyber Breaches through Third Parties

Australia’s privacy commissioner publishes its Digital ID regulatory strategy

5 takeaways from the Lifelabs case

Put Privacy First – Privacy Commissioner of Canada speaks about privacy risk mitigation.

Blog

Risk Management and Privacy Protection

May 12, 2016 - Ron Kruzeniski, Information and Privacy Commissioner

Most organizations today have addressed the issue of risk management. Many have gone through a process of identifying the risks and the ways of mitigating those risks. They will have a document with the risks and the mitigating factors. Some will report to the CEO, a board council or minister on a regular basis.

When you hear the reports from around the world of hacking into systems and data being copied and or released on the web, when you hear of the costs to prevent future breaches, when you hear of the damage to reputation and brand, or security of data (personal information and or personal health information) these are undoubtedly risks that an organization faces. It is a significant risk and managers need to find ways of lessening that risk. Can you eliminate the risk? Probably not, but you can lessen the risk in the future.

This blog is to encourage all organizations to identify as a high risk the security of their data and to regularly discuss and report the level of risk and the steps they are taking to mitigate that risk. As to how to lessen that risk, there are many resources out there on best practices to protect your data including The Personal Information Protection Act, PIPA Advisory #8, Implementing Reasonable Safeguards from the Alberta IPC or Securing Personal Information: A Self-Assessment Tool for Organizations available on the Privacy Commissioner of Canada’s website.

Another way to identify and mitigate risk is by conducting a privacy impact assessment. More is available on my office’s website our publication Privacy Impact Assessment Guidance Document.

I encourage all organizations to put into practice ways of reducing the risks.

Categories: BlogTags:

Back to Blog

Was this page helpful?

Google Translate Disclaimer

Translations on the IPC Website are performed by Google Translate. Please note that not all text may be translated accurately or be translated at all. The IPC is not responsible for incorrect or inaccurate translations. The IPC will not be held responsible for any damage or issues that may result from using Google Translate.

For more information, read our full disclaimer.