Implement & Maintain Your Privacy Policy

After you’ve developed your organization’s privacy policy, you may need to implement changes to your personal information practices and systems. Involve any business area that collects, uses or discloses personal information.

Practices and systems that may require immediate changes include:

Technology

Adopting the compliance standards addressed in your privacy policy may require changes to your information technology systems. For example, you may need to update your databases so you can retrieve the personal information of a specific individual when they request it or you may need to eliminate automatic or invisible collection of personal information on your website.

Communications Materials & Forms

To comply with your privacy policy and inform your customers about your updated personal information practices, you may need to review and revise your organization’s public information. This review may include your website, brochures and promotional material.

If you collect personal information using forms, whether on paper or online, review and revise these as well. For example, you may need to add notices to your forms to clarify the purpose for collecting personal information.

Service Contracts

Your organization is responsible for the personal information it collects, stores or controls. This includes personal information that your organization has transferred to a contractor and information a contractor may collect on your organization's behalf.

Your service contracts must clearly state the privacy requirements that must be met to comply with your organization’s privacy policy. The government’s Privacy Protection Schedule Template (MS Word) offers an example of a clear and enforceable contract.

Internal Training

Your employees are responsible for complying with your privacy policy daily. To support your employees, prepare a training program that outlines privacy requirements, expectations and procedures, including:

  • The legislative requirements governing personal information and privacy
  • The ten principles of privacy protection
  • Your organization’s privacy policy
  • Privacy considerations related to specific roles, tasks and responsibilities within your organization

All employees, associates, contractors, partners or agents who collect, use or disclose personal information must undergo some form of privacy training. Depending on your organization, you may need to offer both general education and job-specific training.

To supplement your internal training, you and your employees may also benefit from a privacy and information management public training session offered by the provincial government. These sessions explain how and why you must protect your customer’s personal information and privacy.