Commissioner Ann Cavoukian and Eduard Goodman, Chief Privacy Officer,
IDT911, outline the basics for mitigating privacy risks
TORONTO, Oct. 22, 2013 /CNW/ - As a small business becomes more
networked and data-intensive, personal information and customer trust
are critical assets that must be protected. Ontario's Information and
Privacy Commissioner, Dr. Ann Cavoukian, and Eduard Goodman, Chief Privacy Officer of IDT911, today released a new white paper, Privacy Exposures and Risk Reduction Strategies for Small Organizations, to help small business avoid data breaches that are harmful to both
brand reputation and costly.
Privacy policies and procedures alone, without a concrete strategy for
implementation, will not protect an organization from privacy risks.
Applying the basic concepts of Privacy by Design in a small enterprise setting is essential to avoiding the pitfalls of
harmful data leaks. The new paper takes those proven concepts and
incorporates them into the following seven steps that organizations
should consider adopting:
the organization. Consider conducting an effective Privacy Impact
Link each requirement within the policy to a concrete, actionable item,
such as an operational process, controls and/or procedures, in effect
translating each policy item into a specific practice that must be
Demonstrate how each practice item will actually be implemented.
Develop and conduct privacy education and awareness training programs to
ensure that all employees understand the policies/practices required,
as well as the obligations they impose.
Designate a central "go to" person for privacy-related queries within
Verify both employee and organizational execution of privacy policies
and operational processes and procedures.
Proactively prepare for a potential privacy breach by establishing a
data breach protocol to effectively manage a breach.
"Small organizations that follow the guidance set out in this paper can
achieve much higher operating efficiencies," said Commissioner
Cavoukian. "Instead of risking the enormous cost of a privacy breach,
organizations that proactively take measures to prevent breaches make a
cost-effective investment - leading to a substantial privacy payoff."
"The headlines focus on privacy breaches at large corporations, but the
reality is that small organizations are equally—if not more—vulnerable
to privacy risks," said Eduard Goodman, chief privacy officer for
IDT911. "This paper outlines a sound approach to privacy management for
smaller organizations that may lack the resources and expertise to
reduce security risks."
The full paper is available for review here.
About the IPC
The Information and Privacy Commissioner is appointed by, and reports
to, the Ontario Legislative Assembly, and is independent of the
government of the day. The Commissioner's mandate includes overseeing
the access and privacy provisions of the Freedom of Information and Protection of Privacy Act and the Municipal Freedom of Information and Protection of Privacy Act, as well as the Personal Health Information Protection Act, which applies to both public and private sector health information
custodians. The Commissioner's mandate also includes helping to educate
the public about access and privacy issues.
Founded in 2003, IDT911 is North America's premier consultative provider
of identity and data risk management, resolution and education
services. The company serves over 17.5 million households across North
America and provides fraud solutions for a range of organizations,
including Fortune 500 companies, North America's largest insurance
companies, corporate benefit providers, banks and credit unions and
membership organizations. Since 2005, the company has helped more than
600,000 businesses manage their risk of data breaches. IDT911 is the
proud recipient of several awards, including the Stevie Award for Sales
and Customer Service and the Parent Tested, Parent Approved award for
social networking monitoring tool SocialScout. For more information,
please visit www.idt911.ca, www.facebook.com/idt911 and www.twitter.com/idt911.
SOURCE: Office of the Information and Privacy Commissioner/Ontario
For further information:
Media Relations Specialist
Office of the Information & Privacy Commissioner of Ontario
Public Relations Manager