Depending on the type of information you collect, use and disclose, a Privacy Impact Assessment (PIA) is legally required. Failure to complete, update and maintain a current PIA can result in fines and penalties for your organization, up to $500,000. Core Privacy can assist your organization to achieve compliance with legislative requirements and implement appropriate safeguards to avoid costly breaches.
Did you know that as of August 1st, 2018 you can incur a significant fine if you fail to report a breach of privacy to the Office of the Information and Privacy Commissioner and the affected party?
Let us help you manage any breach scenario, whether it impacts one or one thousand individuals, whether it’s caused by ransomware or human error, by providing you the tools necessary to effectively contain the breach, notify the affected individuals, investigate the cause of the breach and remediate the situation so it does not happen again.
3.1) Data Sharing Agreements
Data Sharing Agreements (DSAs) outline the way your organization transfers individually identifiable information for a specified purpose. Whether you contract third-party transcription services, utilize third-party data and records storage services or engage in any relationship where a third party has access to your organization's personal information, a DSA is necessary to protect you and ensure each party's responsibilities are outlined.
3.2) Information Management Agreements
If you engage in a contract where any third party has access to individually identifiable personal or personal health information, you require an Information Management Agreement to protect your organization from any potential inadvertent disclosure or incident. Ensure the liability of both parties is clearly articulated so you are not left responsible for a third party's error or mishap.
According to the Alberta Office of the Information and Privacy Commissioner Annual Report, published for the 2017-2018 fiscal year, 72% of reported privacy breaches were the direct result of human error. Protect your employees and your organization from these errors with proper, robust training.
We offer customized training solutions, including video content and full-day instructor-led sessions. Our programs are designed to fit your needs.
Would you know how to handle a personal information request from a disgruntled former employee? How about a third-party request from a law office or insurance company? In Canada, under access to information laws, your clients are entitled to their personal information. Ensure that you are handling these requests within legislated time frames and applying all appropriate exemptions and exclusions; you don't want to disclose too little or too much.
Core Privacy can see you through the request process and ensure disclosures are appropriate and compliant.
Your organization's policies, procedures and guidelines lay the groundwork necessary to ensure compliance with privacy legislation and outline how to implement those principles in your everyday operations. Core Privacy can assist with crafting robust, compliant and complete policies, procedures and guidelines to ensure your organization effectively implements the physical, administrative and technical safeguards necessary to avoid confusion among staff, avoid privacy breaches and incidents and ensure legislative compliance.
Understanding the access request process and how to effectively respond is essential to ensuring legislative compliance and balancing the right to know with effective privacy management. Core Privacy can guide you through proper documentation standards and guidelines to ensure your clinic's documentation is disclosure-ready.
Recruiting, training and retaining a full-time Privacy Officer can cost upwards of $250,000 per year. Let us be your Privacy Officer on-call. For a flat rate monthly fee, retain our services on an on-call, as-needed basis to service all your current and future privacy needs.