Chapter 2 Canadian Private Laws and Practices Flashcards

1
Q

What are the 10 Fair Information Principles?

A

Accountability
Identifying Purposes
Consent
Limiting Purposes
Limiting Use, Disclosure, and Retention
Accuracy
Safeguards
Openness
Individual Access
Challenging Compliance

2
Q

Accountability Explained…

A

An org. must do the following:
Implement procedures that protect PI
Establish procedures to receive and respond to complaints or questions
Train staff
Be transparent about all of these procedures and practices
Appoint individuals with primary responsibility for privacy protection
Orgs. are responsible for the PI they have custody or control of (includes third parties)
Note: This often culminates in the drafting of a privacy policy

3
Q

Identifying Purposes Explained…

A

Orgs. must identify and document the purposes for the collection of any PI at or before the time of collection
New purposes must require fresh consent
Orgs. must describe purposes in a way that is valuable to individuals and broad enough to avoid obtaining consent every time

4
Q

Consent Explained…

A

Consent must be informed and meaningful
Individual must be able to withdraw consent
Cannot require consent for unrelated purposes

5
Q

What is a Privacy Audit?

A

Exercises performed internally or by independent third parties to ensure that orgs. hold PI in compliance with various applicable privacy obligations and with internal privacy standards established by the org.

6
Q

Which of the 10 Fair Info Principles Spawned the Need for Privacy Audits?

A

Consent

7
Q

What are the Challenges with Principle of Consent?

A

Opaque nature of privacy policies that are the basis of consent
Complex Information Flows
Business Processes that involve a multitude of third party intermediaries

8
Q

Limiting Purposes Explained…

A

Requires org. to collect only the amount of PI legitimately needed to fulfill the identified purpose
Org. should not collect PI indiscriminately or beyond the scope of services provided
Cannot collect PI by misleading individuals or being less than candid about the purpose of collection

9
Q

Limiting Use, Disclosure, and Retention Explained…

A

PI shall not be used or disclosed for purposes other than those for which it was collected, except with consent of an individual or as required by law
PI shall be retained only for as long as necessary to fulfill those purposes and must be disposed of afterwards; orgs. must also address retention schedules and develop guidelines for destruction

10
Q

Accuracy Explained…

A

Keep PI as accurate, complete, and up-to-date as is necessary for the purposes for which it is being used
Org. should make sure medical or credit PI is accurate to avoid ill-fated consequences

11
Q

True or False? “An organization shall not routinely update PI, unless such a process is necessary to fulfill the purposes for which the information was collected”

A

True

12
Q

Safeguards Explained…

A

Must protect PI against loss or theft as well as unauthorized access, disclosure, copying, use, or modification
Must be protected according to the sensitivity of the information

13
Q

True or False? Safeguards only applies to electronic data

A

False; applies to both paper and electronic data

14
Q

Openness Explained…

A

Responsible for proliferation of privacy policies
Make readily available to individuals specific information about their policies and practices relating to management of PI

15
Q

Openness Fair Principle: the information made available must include the following

A

Name or title & address of the person accountable to whom complaints or inquiries can be forwarded
The means of getting access to PI held by the organization
A description of the type of PI held by the organization, including a general account of its use
The PI that is made available to related organizations

16
Q

Individual Access Explained…

A

Must be able to respond to requests from individuals for access to their PI
Must inform individuals of the existence, collection, use, and disclosure of PI
Must be prepared to update information if inaccuracies are found
Cannot unduly delay response time

17
Q

Challenging Compliance Explained…

A

Individuals should have the ability to challenge the organization’s PI handling practices
Should have the proper policies to deal with complaints
Each commissioner is given extensive power of investigation
