Practices and systems that may require immediate changes include:
If you collect personal information using forms, whether on paper or online, review and revise these as well. For example, you may need to add notices to your forms to clarify the purpose for collecting personal information.
Your organization is responsible for the personal information it collects, stores or controls. This includes personal information that your organization has transferred to a contractor and information a contractor may collect on your organization's behalf.
- The legislative requirements governing personal information and privacy
- The ten principles of privacy protection
- Privacy considerations related to specific roles, tasks and responsibilities within your organization
All employees, associates, contractors, partners or agents who collect, use or disclose personal information must undergo some form of privacy training. Depending on your organization, you may need to offer both general education and job-specific training.
To supplement your internal training, you and your employees may also benefit from a privacy and information management public training session offered by the provincial government. These sessions explain how and why you must protect your customer’s personal information and privacy.