Curriculum

Privacy Fundamentals

  • The factors driving public, private and non-profit organizations to develop and implement privacy programs, e.g. consumer attitudes and expectations, privacy legislation, advances in technology, cybercrime and public safety.
  • The "10 Commandments" of the Canadian Standards Association’s Model Code for the Protection of Personal Information.
  • The security of personal information: ISO/IEC 17799:2000 Information Technology - Code of Practice for Information Security Management.

Privacy Laws and Principles

  • How provincial legislation (e.g., the Freedom of Information and Protection of Privacy Act, the Personal Health Information Protection Act, 2004) and the federal Personal Information Protection and Electronic Documents Act apply to your organization and to your business partners.
  • Other legal instruments influencing the privacy issue (sector-specific legislation, regulations, contracts, employment law, and union agreements).
  • The role of legal counsel – when to call in the lawyers.

The Privacy Impact Assessment (PIA)

  • When to complete a PIA.
  • PIA methodologies and templates.
  • The key elements of a PIA:
    - Project/system description
    - The data flow analysis
    - The privacy analysis
    - Conclusions and recommendations
  • Making PIAs work for you and your organization.

Managing Privacy Risks

  • What to do when a privacy breach puts your organization on the front page of the newspaper.
  • How to respond to a breach, deal with the media, investigate the circumstances of the breach and respond appropriately to the needs of the victim.
  • Involving law enforcement agencies and forensic specialists.
  • How to address the concerns of your board, senior management and the Information and Privacy Commissioner.

Implementing a Privacy Program

  • Eight steps to privacy compliance:
    1. Establishing a privacy accountability framework
    2. Establishing a privacy policy framework
    3. Establishing essential privacy procedures
    4. Establishing an information inventory
    5. Privacy in third party contracts
    6. Training your staff
    7. Communicating with clients/customers
    8. Implementing security controls

Security Fundamentals

  • An introduction to ISO/IEC 27002 – Code of Practice for Information Security Management and ISO/IEC 27799 – Security Management in Health Using ISO/IEC 27002.
  • Identifying threats to health information.
  • eHealth Security Architecture.
  • Security Policy and Organization.
  • Encryption and Encryption Technologies for Health Care.
  • Threat and Risk Assessment.
  • Access Control for Health Information Systems.
  • Integrating Privacy and Security.
  • Disaster Recovery and Business Continuity Management.

Engaging Your Stakeholders

  • How to sell your program to senior management.
  • How to assemble your Privacy and/or Security Team and get them motivated.
  • How to engage all of the key stakeholders in your privacy program – patients, clients, staff, consultants, contractors, volunteers and senior management.
  • How to develop and implement a comprehensive privacy program without breaking the bank. Identify low-cost quick hits to kick-start your program.
  • How to motivate the people in your organization: training, staff awareness programs, compliance with privacy policies and disciplinary procedures.

© Copyright National Institutes of Health Informatics 2008 - 2023