Chapter 1 CSA Flashcards
What is CSA?
Canadian Standards Association (CSA). The CSA Group is a standards organization which develops standards in 57 areas. CSA publishes standards in print and electronic form, and provides training and advisory services. CSA is composed of representatives from industry, government, and consumer groups.
CSA privacy principles: explain origin, links to PIPEDA, date, and name
CSA developed its own set of privacy principles and broke the OECD’s code into 10 principles. The 10 principles were incorporated as a schedule to Canada’s private-sector privacy law, PIPEDA. The principles also formed the basis of the principles of the Canadian Standards Association. The CSA called its iteration the “Model Code for the Protection of Personal Information.”
Published in 1996.
CSA 10 principles
1. Accountability
An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the following principles.
2. Identifying Purposes
The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
3. Consent
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
4. Limiting Collection
The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
5. Limiting Use, Disclosure, and Retention
Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfilment of those purposes.
6. Accuracy
Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
7. Safeguards
Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
8. Openness
An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
9. Individual Access
Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
10. Challenging Compliance
An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization’s compliance.
Who developed General Concepts of Generally Accepted Privacy Principles, and why?
American Institute of CPAs and the Canadian Institute of Accountants
These principles were established to help businesses navigate the competing interests of business, government and consumers. Each principle is supported by “objective and measurable criteria” available in the full text of the document.
What are the Generally Accepted Privacy Principles (GAPP)?
- Management. The entity defines, documents, communicates, and assigns accountability for its privacy policies and procedures.
- Notice. The entity provides notice about its privacy policies and procedures and identifies the purposes for which personal information is collected, used, retained, and disclosed.
- Choice and consent. The entity describes the choices available to the individual and obtains implicit or explicit consent with respect to the collection, use, and disclosure of personal information.
- Collection. The entity collects personal information only for the purposes identified in the notice.
- Use, retention and disposal. The entity limits the use of personal information to the purposes identified in the notice and for which the individual has provided implicit or explicit consent. The entity retains personal information for only as long as necessary to fulfill the stated purposes or as required by law or regulations and thereafter appropriately disposes of such information.
- Access. The entity provides individuals with access to their personal information for review and update.
- Disclosure to third parties. The entity discloses personal information to third parties only for the purposes identified in the notice and with the implicit or explicit consent of the individual.
- Security for privacy. The entity protects personal information against unauthorized access (both physical and logical).
- Quality. The entity maintains accurate, complete, and relevant personal information for the purposes identified in the notice.
- Monitoring and enforcement. The entity monitors compliance with its privacy policies and procedures and has procedures to address privacy-related complaints and disputes.
What are the General Concepts of Fair Information Practices and General Privacy Principles, and which is most influential?
modern privacy that are fundamental principles. While there are several iterations of these principles, one of the more influential in the development of Canadian privacy law is the one adopted by the Organisation for Economic Co-operation and Development (OECD).
What are the OECD privacy principles? Give the year introduced and explain.
In 1981, the OECD published a set of privacy principles entitled “Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.” That code encapsulated eight principles.