SOSC 3365 Lecture Notes - Lecture 18: Personal Information Protection And Electronic Documents Act, Data Mining
Document Summary
Accountability: a privacy officer must be appointed (or trained) within an organization. Role: create procedures to safeguard personal information; act as the point of contact for complaints; train others; be responsible for information transferred to a third party (via contract, agreement, policy, audits).

Identifying purposes: the organization must identify the purpose of the collection of information; once collected, information cannot be used for a different purpose. It may be written, verbal or inferred from actions.

Limiting collection: personal information can only be used for the purposes identified; there must be an information handling policy/procedure; personal information must be collected lawfully and without deception.

Accuracy: the organization is responsible for ensuring that the personal information is accurate and up to date (reasonable effort; there must be a policy for routine updates).

Safeguards: personal information must be protected against theft, unauthorized access, etc., e.g. encrypted computers, password-protected spreadsheets, locked cabinets, clear desk policy, clear screen policy, passwords, employee training sessions, shredding discarded personal information.