Assign Privacy Officers
- What is a privacy officer?
- Why have a privacy officer?
- Will one privacy officer be enough?
- Do I need to hire extra staff?
- What is the privacy officer's role if a complaint is made to the Information and Privacy Commissioner?
A privacy officer is the first point of contact in your organization when privacy issues arise. He or she has the authority to intervene on privacy issues relating to any of your organization's operations. A privacy officer is responsible for:
- Conducting a privacy audit and self-assessment
- Managing privacy training
- Responding to requests for access to and correction of personal information
- Working with the Information and Privacy Commissioner in the event of an investigation
By law, all organizations must assign at least one privacy officer. The name of the privacy officer should be circulated within the organization and staff should be encouraged to discuss privacy issues with the officer. The title and contact information of each privacy officer must also be made available to the public.
This depends on a number of factors such as:
- The size of your organization
- The structure of your organization (is it a single location or does it have multiple offices or branches?)
- The amount of personal information your organization holds
An organization with a number of offices or a large amount of personal information might choose to assign a privacy officer in each location. However, an organization that holds very little personal information might find that one privacy officer is enough.
A privacy officer can delegate his or her duties to another individual if the transfer of responsibility is formally documented.
In most cases an existing staff member can take on the duties of a privacy officer. However, if the main business or activity of your organization involves the collection or use of personal information, then a dedicated, full-time position may be necessary.