Privacy Breach Planning and Management: A Municipal Perspective. Manitoba Ombudsman


What is a Privacy Breach?

The improper or unauthorized collection, use, disclosure, retention or disposal of personal and/or personal health information. Such activity is considered unauthorized if it is not permitted by FIPPA and PHIA.

WHY?

In June 2016 our office distributed an electronic survey to 238 organizations, which included:

- Municipalities
- School divisions
- Hospitals
- Regional health authorities
- Health-care bodies (that do not fall under an RHA)
- Boards and commissions
- Provincial departments
- Universities
- Colleges

The Survey

Personal Information? Personal Health Information? Or a Combination of Both?

51% of total respondents indicated that they manage a combination of both personal and personal health information. 23% of municipalities indicated that they manage a combination of both personal and personal health information. The remaining 77% of municipalities responded that they manage only personal information.

Privacy Breaches

Three of 56 municipalities that responded indicated that they had experienced a privacy breach in the past three years.

Policies Procedures Guidelines

Privacy Breach Training

The majority (78%) of total respondents reported that their organization does not provide training specific to privacy breach management. The majority (89%) of municipalities reported that their organization does not provide training specific to privacy breach management.

Internal Reporting

72% of total respondents reported that a specific person had been designated to manage privacy breaches in their organization. 53% of municipalities reported that a specific person had been designated to manage privacy breaches in their organization, which in most cases was the CAO.

Tracking of Privacy Breaches

The majority of total respondents (54%) indicated that their organization does not track privacy breaches. The majority of municipalities (77%) indicated that their organization does not track privacy breaches.

Service Agencies and Contractual Obligations

26% of total respondents reported that they have contracts with third-party service agencies. Of those, 46% indicated that their contracts or agreements outline the service agency's responsibilities in the event of a privacy breach. 18% of municipalities reported that they have contracts with third-party service agencies. Two municipalities reported that third-party contracts contain privacy breach provisions.

Service Agencies and Contractual Obligations

Where privacy provisions exist, 49% of total respondents reported that there is an obligation in their contract to notify the organization when a privacy breach has occurred. Two municipalities reported that there is an obligation to notify the organization in the event of a privacy breach.

Notification

55% of total respondents reported that they contacted Manitoba Ombudsman when a privacy breach occurred. One municipality reported that they contacted Manitoba Ombudsman when a privacy breach occurred. 74% of total respondents reported that they have notified an affected individual as a result of a privacy breach. Two municipalities reported that they have notified an affected individual as a result of a privacy breach.

Resources

63% of total respondents indicated that privacy breach training and a sample privacy breach policy would be the most valuable resources. 72% of municipalities indicated that privacy breach training and a sample privacy breach policy would be the most valuable resources.

Reducing the occurrence and impact of privacy breaches

What can you do?

- Know what personal and personal health information you have
- Understand your role under FIPPA and PHIA
- Have a designated person to manage privacy breaches
- Develop a privacy breach policy
- Provide privacy training
- Ensure privacy responsibilities are outlined in service contracts
- Assess the impact of a breach and consider notification to affected parties
- Track and document privacy breaches

New Materials

Privacy Breach Resources: https://www.ombudsman.mb.ca/info/privacy-breaches.html

Questions?