ELW4-Ch10 Privacy in the Workplace PDF
2021
Kelly Williams-Whitt,Adam Letourneau,TJ Schmaltz,Ryan Anderson,Kathryn J. Filsinger
Summary
This presentation discusses the privacy of personal information in the workplace, referencing relevant legislation like PIPEDA and PIPA. It examines how organizations should handle and protect personally identifiable information.
Full Transcript
NOTICE: Copyright Disclaimer

This PowerPoint presentation is copyright protected. Individuals who have adopted the related Emond Publishing textbook for their course are granted permission to use this presentation for instructional purposes only. Slides may not be distributed under any kind of Open Access style license, or website, or be duplicated, copied, sold, or otherwise exploited for any commercial purpose without Emond Publishing’s express written consent. Thank you.

Copyright © 2021 Emond Montgomery Publications. All rights reserved.

Employment Law for Business and Human Resources Professionals: Alberta and British Columbia, 4th Edition

Authors: Kelly Williams-Whitt, Adam Letourneau, TJ Schmaltz, Ryan Anderson, Kathryn J. Filsinger

Canadian Business Law, 3rd Edition

CHAPTER 10: Privacy Inside and Outside the Workplace

Privacy
- Privacy of personal information is a relatively new issue
- In the past, privacy was protected by the practical difficulties in compiling records
- Today, a vast amount of sensitive, personal information can be compiled, analysed, transferred, and manipulated in nanoseconds
- Privacy concerns are now paramount
- Employers can be vicariously liable for privacy invasions carried out by their employees in the course of their duties
- Personal Information Protection and Electronic Documents Act (PIPEDA): federal legislation that sets out how organizations may collect, use, and disclose personal information

What is “Personal Information”?
It is information about an identifiable individual and includes such things as:
- Age, sex, religion, ethnicity, opinions, photographs
- ID numbers, home address, residential phone number, personal email address, web browsing
- Purchasing and spending habits, income, credit records, loan records
- Disciplinary actions, employee files, pay, benefit records
- Blood type, medical records

Freedom of Information and Protection of Privacy Act
- Provides individuals with the right to request access to information in the custody or control of public bodies, while providing public bodies with a framework within which they must conduct the collection, use, and disclosure of personal information
- Public bodies include:
  - A department, branch, or office of the government
  - An agency, board, commission, corporation, office, or other body designated as a public body in the regulations of the Act
  - Educational bodies
  - Health care bodies
  - Local government bodies
  - Self-governing professions

Freedom of Information and Protection of Privacy Act
- Provides access to records, unless the Act specifically allows the record to be withheld
- The right of access is balanced by the need to protect individual privacy
- You can ask to see records held by the government, including personal information about you
- You have the right to request that your personal information held in government files be corrected
  - This is not an absolute right, and a request to correct information may be turned down
- Individuals can also complain to the commissioner if they believe their personal information has been collected, used, or disclosed in violation of the Act
- Provides for review by the Information and Privacy Commissioner

PIPEDA: Who’s Covered?
- Jan. 1, 2001—federal government enacted privacy legislation called the Personal Information Protection and Electronic Documents Act (PIPEDA) to cover personal information held by organizations in the private sector
- Applies to personal information collected, used, disclosed, and retained on employees and customers, etc. in federally regulated industries
- Alberta, BC, other provinces passed comparable legislation: Personal Information Protection Act (PIPA), for provincially regulated industries:
  - In November 2013, the Supreme Court of Canada struck down Alberta’s PIPA, providing one year to bring into compliance
  - Alberta’s PIPA has since been amended (December 2014), is undergoing a comprehensive review

PIPEDA: Some Recent Amendments
- June 18, 2015—the federal Digital Privacy Act was proclaimed, with some key changes to PIPEDA
  - Where security has been breached and there is risk of significant harm, the organization must report and keep records of the breach
  - The definition of “personal information” has been broadened
  - PIPEDA now covers applicants as well as employees
  - Business contact information is exempt if used solely for the purpose of communicating for business, employment, or professional matters
  - Permission to disclose without consent to third parties has been broadened in cases involving illegality, fraud, and financial abuse
  - Privacy Commissioner can enter into compliance agreements

Privacy: 10 Principles
1. Accountability: the organization that collects the info must _____________________________________________________
2. Identify the purpose: the organization must _____________________________________________________
3. Consent: the individual _______________ prior to collection (some exceptions)
4. Limited collection: the organization must _____________________________________________________

Privacy: 10 Principles (cont’d)
5. Limited use, disclosure, and retention: the organization may _______________________ __________________ and must not _____________________________________________________
6. Be accurate: the organization should ensure that the info is ________________. Individuals are given the opportunity to correct errors
7. Provide safeguards: the organization should protect info against _____________________________________________________

Privacy: 10 Principles (cont’d)
8. Be open: Privacy policies and procedures should _______________. Supervisors should be familiar with them.
9. Give individuals access: the organization must provide individuals with __________________ ____________________________________________ ____________________________________________
10. Provide recourse: the organization must ____________________________________________

Personal Information Protection Act (PIPA)
- In 2003, British Columbia enacted legislation comparable to PIPEDA, called the Personal Information Protection Act (PIPA) for provincially regulated industries
  - Includes workplace rules for employee personal information
- In 2004, Alberta enacted legislation comparable to PIPEDA, called the Personal Information Protection Act (PIPA) for provincially regulated industries
  - Includes workplace rules for personal employee information
  - Amended 2005, 2009, 2010, 2014
  - Currently undergoing a comprehensive review

PIPA: Who’s Covered?
Provincially regulated organizations to which PIPA applies include:
- Non-profit organizations
- Trade unions
- Private schools
- Partnerships
- Corporations
- Unincorporated associations
- Professional regulatory associations
- Any individual acting in a commercial capacity
- Any individual acting on behalf of a corporation, unincorporated association, trade union, or partnership

PIPA: Principles
- Governs the collection, use, and disclosure of personal information by private sector organizations
- Recognizes both the right of an individual to have his or her personal information protected, and the need of organizations to collect, use, or disclose personal information for reasonable purposes
- Personal information in the custody or control of private sector organizations, as it relates to commercial transactions or activities, is subject to PIPA
- For workplaces, PIPA also covers personal information about employees

PIPA: Principles (cont’d)
- PIPA allows individuals to request access to their own personal information, including employee information, and to request correction of inaccurate personal information.
- Individuals may also make a complaint to the commissioner if they believe their privacy has been violated (e.g., computer monitoring) or their personal information has been collected, used, or disclosed without proper authority or their consent.
- Allows the commissioner to hear privacy complaints and review the decisions of private sector organizations to deny individuals access to their own personal information, or to refuse requests for correction of that information.

Privacy: Steps to Compliance
1. Appoint Chief Privacy Officer (CPO)
2. Assess how organization collects, stores, retains, uses, and discloses personal information for customers/clients/patients/suppliers and employees
   - Include marketing, sales, HR, payroll, finance, purchasing, technical
3. Develop policies and procedures to bring organization into compliance
4. Train all staff to ensure awareness
5. Monitor performance of policy