Key Steps to Responding to Privacy Breaches. Nova Scotia Freedom of Information and Protection of Privacy Review Office


Key Steps to Responding to Privacy Breaches [1]

[1] This brochure is adapted from material prepared by the Office of the Information Commissioner of British Columbia entitled: Privacy Breaches: Tools and Resources available at guidance/guidance-documents.

What is a privacy breach?

A privacy breach occurs whenever there is unauthorized access to or collection, use, disclosure or disposal of personal information. Such activity is unauthorized if it occurs in contravention of the Freedom of Information and Protection of Privacy Act (FOIPOP), the Municipal Government Act Part XX (MGA) or the Personal Health Information Act (PHIA).

What are the four key steps?

Step 1: Contain the Breach
Step 2: Evaluate the Risks
Step 3: Notification
Step 4: Prevention

The first three steps should be undertaken immediately upon discovery of the breach or in very quick succession. The fourth step is undertaken once the causes of the breach are known, in an effort to find longer term solutions to the identified problem.

Purpose of the Key Steps Document

Privacy breaches take many different forms, from misdirected faxes containing tax data, to the loss of hard drives containing personal information, to medical files blowing out the back of a garbage truck. Public bodies, municipalities and health custodians in Nova Scotia should be prepared to manage their responses to privacy breaches. The four key steps to responding to privacy breaches are steps that have been adopted across most Canadian jurisdictions in both the public and private sector. They represent best privacy practices for mitigating the harm arising from a privacy breach.

Use this document in combination with the Privacy Breach checklist (p. 13 of this document) also available on our website at

Other Resources for Health Custodians

Note that the Personal Health Information Act (PHIA) has particular breach notification requirements in sections and. Included in those provisions is the expectation that notification will occur in prescribed circumstances, for events including when information is stolen, lost or subject to unauthorized access, use, disclosure, copying or modification.

The Government of Nova Scotia has produced a Privacy Breach Notification Decision Making Tool, to assist custodians in determining what type of notification is required under PHIA.

Breach notification is one of the four key steps discussed in this document. This document may be of assistance to health custodians in evaluating their overall response to a breach.

Notice to Users

This document is intended to provide general information only. It is not intended, nor can it be relied upon, as legal advice. As an independent agency mandated to oversee compliance with FOIPOP, MGA and PHIA, the Freedom of Information and Protection of Privacy Review Office (Review Office) cannot approve in advance any proposal from a public body, municipality or health custodian. We must maintain our ability to investigate complaints and to provide recommendations in response to these complaints. The contents of this document do not fetter or bind this office with respect to any matter, including any complaint investigation or other matter, respecting which the Review Officer will keep an open mind. It remains the responsibility of each public body, municipality and health custodian, to ensure that they comply with their responsibilities under the relevant legislation. Contact information for the Review Officer is set out on page 22 of this document; further information about our role and mandate can be found at:

Step 1: Contain the Breach

Before continuing, you should ensure that you record all steps taken to investigate and manage the breach. The privacy breach checklist tool can be used to complete all of the steps set out below and to record all relevant information. That tool is available at p. 13 of this document and at:

You should take immediate and common sense steps to limit the breach including:

- Contain: Immediately contain the breach by, for example, stopping the unauthorized practice, shutting down the system that was breached, revoking or changing computer access codes, sending a remote kill signal to a lost or stolen portable storage device, correcting weaknesses in physical security or searching the neighborhood or used item websites (such as Kijiji) for items stolen from a car or house.
- Initial Investigation: Designate an appropriate individual to lead the initial investigation. Begin this process the day the breach is discovered. This individual should have the authority within the public body or organization to conduct the initial investigation and make initial recommendations. If necessary, a more detailed investigation may subsequently be required.
- Privacy Officer & Other Internal Notifications: Immediately contact your Privacy Officer and the person responsible for security in your organization. Determine others who need to be made aware of the incident, internally at this stage. It is helpful to prepare in advance a list of all of the individuals who should be contacted along with current contact information.
- Breach Response Team: Determine whether a breach response team must be assembled which could include representatives from appropriate business areas (labour relations, legal, communications, senior management). Representatives from privacy and security should always be included and generally the privacy team is responsible for coordinating the response to the incident.
- Police: Notify the police if the breach involves theft or other criminal activity.
- Preserve evidence: Do not compromise the ability to investigate the breach. Be careful not to destroy evidence that may be valuable in determining the cause, or, that will allow you to take appropriate corrective action.

Step 2: Evaluate the Risks

To determine what other steps are immediately necessary, you must assess the risks. Consider the following factors:

Personal Information Involved:

As soon as possible get a complete list of all of the personal information at risk. Generally this means developing a list of the data elements lost, stolen or inappropriately accessed. For example, the data could include, name, address, date of birth, medical diagnosis and health card number (MSI). At this stage it is important that the investigator confirm the data at risk as quickly as possible. Be aware that if the breach is caused by an error, or oversight by an employee they may be reluctant to fully disclose the scope of the lost data.

Next, evaluate the sensitivity of the personal information. Some personal information is more sensitive than others. Generally information including: health information, government-issued pieces of information such as social insurance numbers, health care numbers and financial account numbers such as credit card numbers, is considered sensitive.

Also consider the context of the information when evaluating sensitivity. For example, a list of customers on a newspaper carrier's route may not be sensitive. However, a list of customers who have requested service interruption while on vacation would be more sensitive.

Finally, in your evaluation of sensitivity consider the possible use of the information. Sometimes it is the combination of the data elements that make the information sensitive or capable of being used for fraudulent or otherwise harmful purposes.

The more sensitive the information, the higher the risk.

Cause and Extent of the Breach:

The cause and extent of the breach must also be considered in your analysis of the risks associated with the breach. Answer all of the following questions:

- What is the cause of the breach?
- Is there a risk of ongoing or further exposure of the information?
- What was the extent of the unauthorized collection, use or disclosure, including the number of likely recipients and the risk of further access, use or disclosure, including in mass media or online?

- Was the information lost or stolen? If it was stolen, can it be determined whether the information was the target of the theft or not?
- Is the information encrypted or otherwise not readily accessible?
- Has the personal information been recovered?
- What steps have you already taken to minimize the harm?
- Is this a systemic problem or an isolated incident?

Individuals Affected by the Breach

Knowing who was affected by the breach will shape your strategies in managing the breach and may also determine who will help manage the breach (e.g. union employees affected likely means labour relations should be on the breach management team), it will also determine who you decide to notify: if business partners are affected, then you will likely want to notify them.

- How many individuals are affected by the breach?
- Who was affected by the breach: employees, public, contractors, clients, service providers, other organizations?

Foreseeable Harm from the Breach

- Who is in receipt of the information? For example, a stranger who accidentally receives personal information and voluntarily reports the mistake is less likely to misuse the information than an individual suspected of criminal activity.
- Is there any relationship between the unauthorized recipients and the data subject? A close relationship between a victim and the recipient may increase the likelihood of harm: an estranged spouse is more likely to misuse information than a neighbour.
- What harm to the individuals will result from the breach? Harm that may occur includes:
  - Security risk (e.g. physical safety)
  - Identity theft or fraud
  - Loss of business or employment opportunities
  - Hurt, humiliation, damage to reputation or relationships
  - Basis for potential discriminatory action that may be taken against the individual
  - Social/relational harm (damage to the individual's relationships)
- What harm could result to the public body or organization as a result of the breach? For example:
  - Loss of trust in the public body or organization
  - Loss of assets
  - Financial exposure including class action lawsuits
  - Loss of contracts/business

- What harm could result to the public as a result of the breach? For example:
  - Risk to public health
  - Risk to public safety

Once you have assessed all of the risks described above you will be able to determine whether or not notification is an appropriate mitigation strategy. Further, the risk assessment will help you to identify appropriate prevention strategies.

The table below summarizes the risk factors and suggests a possible risk rating. Each public body, health custodian or municipality must make their own assessment of the risks given the unique circumstances of the situation. The table is intended to provide a rough guide to ratings.

Risk Rating Overview

Factor: Nature of personal information
  Low: Publicly available personal information not associated with any other information
  Medium: Personal information unique to the organization that is not medical or financial information
  High: Medical, psychological, counselling, or financial information or unique government identification number

Factor: Relationships
  Low: Accidental disclosure to another professional who reported the breach and confirmed destruction or return of the information
  Medium: Accidental disclosure to a stranger who reported the breach and confirmed destruction or return of the information
  High: Disclosure to an individual with some relationship to or knowledge of the affected individual(s), particularly disclosures to motivated ex-partners, family members, neighbors or co-workers; Theft by stranger

Factor: Cause of breach
  Low: Technical error that has been resolved
  Medium: Accidental loss or disclosure
  High: Intentional breach; Cause unknown; Technical error if not resolved

Factor: Scope
  Low: Very few affected individuals
  Medium: Identified and limited group of affected individuals
  High: Large group or entire scope of group not identified

Factor: Containment efforts
  Low: Data was adequately encrypted; Portable storage device was remotely wiped and there is evidence that the device was not accessed prior to wiping; Hard copy files or device were recovered almost immediately and all files appear intact and/or unread
  Medium: Portable storage device was remotely wiped within hours of loss but there is no evidence to confirm that the device was not accessed prior to wiping; Hard copy files or device were recovered but sufficient time passed between the loss and recovery that the data could have been accessed
  High: Data was not encrypted; Data, files or device have not been recovered; Data at risk of further disclosure particularly through mass media or online

Factor: Foreseeable harm from the breach
  Low: No foreseeable harm from the breach
  Medium: Loss of business or employment opportunities; Hurt, humiliation, damage to reputation or relationships; Social/relational harm; Loss of trust in the public body; Loss of public body assets; Loss of public body contracts or business; Financial exposure to public body including class action lawsuits
  High: Security risk (e.g. physical safety); Identity theft or fraud risk; Hurt, humiliation, damage to reputation may also be a high risk depending on the circumstances; Risk to public health or safety

Step 3: Notification

Notification can be an important mitigation strategy that has the potential to benefit the public body, municipality, health custodian and the individuals affected by a breach. Prompt notification can help individuals mitigate the damage by taking steps to protect themselves. The challenge is to determine when notice should be required. Each incident needs to be considered on a case-by-case basis to determine whether the privacy breach notification is required. In addition, public bodies, municipalities and health custodians are encouraged to contact the Nova Scotia Freedom of Information and Protection of Privacy Review Office for assistance in managing a breach [2].

[2] The Review Office has the responsibility for monitoring how privacy provisions are administered and the ability to provide advice and comments on the privacy provisions when requested by public bodies and custodians. Our contact information is included at page 22 of this document.

Review your risk assessment to determine whether notification is appropriate. If sensitive information is at risk, if the information is likely to be misused, if there is foreseeable harm, then you will likely want to notify. The list below provides further information to assist in decision making.

Note to health custodians: There are additional considerations set out specifically in PHIA. In particular PHIA requires notification be given to either the affected individual or the Review Officer in accordance with sections 69 and 70 of PHIA.

Neither FOIPOP nor Part XX of the MGA requires notification. However, as noted above, notification in appropriate circumstances is best privacy practice and will help mitigate the losses suffered by individuals as a result of the breach. The steps taken in response to a breach have the potential to significantly reduce the harm caused by the breach, which will be relevant in any law suit for breach of privacy.

Notifying affected individuals

As noted above, notification of affected individuals should occur if it is necessary to avoid or mitigate harm to them. Some considerations in determining whether to notify individuals affected by the breach include:

- Legislation requires notification: s. 69 and s. 70 of PHIA for example;
- Contractual obligations require notification;
- There is a risk of identity theft or fraud, usually because of the type of information lost, stolen, accessed or disclosed, such as a SIN, banking information, identification numbers;

- There is a risk of physical harm if the loss puts an individual at risk of stalking or harassment;
- There is a risk of hurt, humiliation or damage to reputation, for example when the information lost includes medical or disciplinary records;
- There is a risk of loss of business or employment opportunities if the loss of information could result in damage to the reputation of an individual, affecting business or employment opportunities; and
- There is a risk of loss of confidence in the public body or organization and/or good citizen relations dictates that notification is appropriate.

When and How to Notify

Notification should occur as soon as possible following the breach, within days whenever possible. However, if you have contacted law enforcement authorities, you should determine from those authorities, whether notification should be delayed in order not to impede a criminal investigation.

On very rare occasions medical evidence may indicate that notification could reasonably be expected to result in immediate and grave harm to the individual's mental or physical health. In those circumstances, consider alternative approaches, such as having the physician give the notice in person or waiting until the immediate danger has passed.

Direct notification is preferred: by phone, by letter or in person. Indirect notification via websites, posted notices or media reports should generally only occur in rare circumstances such as where direct notification could cause further harm or contact information is lacking. Using multiple methods of notification in certain cases, may be the most effective approach.

What should be included in the notification?

Notifications should include the following information:

- Date of the breach;
- Description of the breach;
- Description of the information inappropriately accessed, collected, used or disclosed;
- Risk(s) to the individual caused by the breach;
- The steps taken so far to control or reduce the harm;
- Where there is a risk of identity theft as a result of the breach, typically the notice should offer free credit watch protection as part of the mitigation strategy;
- Further steps planned to prevent future privacy breaches;

- Steps the individual can take to further mitigate the risk of harm (e.g. how to contact credit reporting agencies to set up a credit watch, information explaining how to change a personal health number or driver's licence number);
- Contact information of an individual within the public body, municipality or health organization who can answer questions or provide further information;
- Review Officer contact information and the fact that individuals have a right to complain to the Review Officer under the Privacy Review Officer Act and PHIA. If the public body, municipality or health custodian has already contacted the Review Officer, include this detail in the notification letter.

Other sources of information

As noted above, the breach notification letter should include a contact number within the public body, municipality or health custodian, in case affected individuals have further questions. In anticipation of further calls, you should prepare a list of frequently asked questions and answers to assist staff responsible for responding to further inquiries.

Others to contact

Regardless of what you determine your obligations to be with respect to notifying individuals, you should consider whether the following authorities or organizations should also be informed of the breach:

- Police - if theft or other crime is suspected;
- Insurers or others - if required by contractual obligations;
- Professional or other regulatory bodies - if professional or regulatory standards require notification of these bodies;
- Other internal or external parties not already notified - your investigation and risk analysis may have identified other parties impacted by the breach such as third party contractors, internal business units or unions;
- Review Office - The mandate of the Review Office includes a responsibility to monitor how the privacy provisions are administered and to provide advice and comments on the privacy provisions when requested by public bodies and health custodians.

The following factors are relevant in deciding whether or not to report a breach to the Review Office:

- For health custodians, s. 70 of PHIA sets out when the Review Office must be contacted. Health custodians may wish to contact the Review Office even when notification is not required, based on some of the factors listed below;

13 ~ 11 ~ The sensitivity f the infrmatin generally the mre sensitive the infrmatin at risk, the mre likely the Review Office will be ntified; Whether the disclsed infrmatin culd be used t cmmit identity theft; Whether there is a reasnable chance f harm frm the disclsure including nnpecuniary lsses; The number f peple affected by the breach; Whether the infrmatin was fully recvered withut further disclsure; Yur public bdy, municipality r health custdian wishes t seek advice r cmment frm the Review Officer t aid in managing the privacy breach; Yur public bdy, municipality r health custdian requires assistance in develping a prcedure fr respnding t the privacy breach, including ntificatin; Yur public bdy, municipality r health custdian is cncerned that ntificatin may cause further harm; and/r T ensure steps taken cmply with the public bdy s bligatins under privacy legislatin.

Step 4: Prevention

Once the immediate steps are taken to mitigate the risks associated with the breach, you need to take the time to thoroughly investigate the cause of the breach. This could require a security audit of both physical and technical security. As a result of this evaluation, you should develop or improve as necessary adequate long term safeguards against further breaches.

Typically prevention strategies will address privacy controls in all of the following areas:
- Physical
- Technical
- Administrative
- Personnel

So, for example, if any physical security weaknesses contributed to the breach, changes to prevent a recurrence should be undertaken. Systems controls should also be reviewed to ensure that all necessary technical safeguards are in place. This could mean encrypting all portable storage devices or improving firewall protections on a database.

Administrative controls would include ensuring that policies are reviewed and updated to reflect the lessons learned from the investigation and regularly after that. Your resulting plan should also include a requirement for an audit at the end of the process, to ensure that the prevention plan has been fully implemented. If you do not already have a privacy breach protocol in place, ensure that one is developed as part of your plan.

Staff of public bodies, municipalities and health custodians should be trained to know the organization's privacy obligations under FOIPOP, MGA Part XX and/or PHIA.

In the longer term, public bodies, health custodians and municipalities should review and refresh their privacy management framework to ensure that they continue to comply with their privacy obligations. For more information on privacy management frameworks visit the Review Office website at:

Privacy Breach Checklist

Nova Scotia Freedom of Information and Protection of Privacy Review Office

Use this checklist to evaluate your response to a privacy breach and to decide whether or not to report the breach to the Nova Scotia Freedom of Information and Protection of Privacy Review Office [3]. For a further explanation of how to manage a privacy breach see Key Steps to Responding to Privacy Breaches available at:

Date of report:
Date breach initially discovered:

Contact information:
Public Body/Health Custodian/Municipality:
Contact Person (Report Author):
Title:
Phone:
Fax:
Mailing Address:

Incident Description

Describe the nature of the breach and its cause. How was the breach discovered and when? Where did it occur?

[3] The Review Office's mandate includes an obligation to monitor how privacy provisions are administered and to provide advice and comments on privacy provisions on the request of health custodians and public bodies.

Steps 1 & 2: Containment & Risk Evaluation

Answer each of the following questions and then, based on those answers, complete the risk evaluation summary on page 17.

(1) Containment

Check all of the factors that apply:
- The personal information has been recovered and all copies are now in our custody and control
- We have confirmation that no copies have been made
- We have confirmation that the personal information has been destroyed
- We believe (but do not have confirmation) that the personal information has been destroyed
- The personal information is encrypted
- The personal information was not encrypted
- Evidence gathered so far suggests that the incident was likely a result of a systemic problem
- Evidence gathered so far suggests that the incident was likely an isolated incident
- The personal information has not been recovered but the following containment steps have been taken (check all that apply):
- The immediate neighbourhood around the theft has been thoroughly searched
- Used item websites are being monitored but the item has not appeared so far
- Pawn shops are being monitored
- A remote wipe signal has been sent to the device but no confirmation that the signal was successful has been received
- A remote wipe signal has been sent to the device and we have confirmation that the signal was successful
- Our audit confirms that no one has accessed the content of the portable storage device
- We do not have an audit that confirms that no one has accessed the content of the portable storage device
- All passwords and system user names have been changed

Describe any other containment strategies used:

(2) Nature of Personal Information Involved

List all of the data elements involved (e.g. name, date of birth, SIN, address, medical diagnoses, connection with identified service provider such as welfare or counselling etc.)
- Name
- Address
- Date of birth
- Government ID number (specify)
- SIN
- Financial information
- Medical information
- Personal characteristics such as race, religion, sexual orientation
- Other (describe)

(3) Relationship

What is the relationship between the recipient of the information and the individuals affected by the breach?
- Stranger
- Friend
- Neighbour
- Ex-partner
- Co-worker
- Unknown
- Other (describe)

(4) Cause of the breach

Based on your initial investigation of the breach, what is your best initial evaluation of the cause of the breach?
- Accident or oversight
- Technical error
- Intentional theft or wrongdoing
- Unauthorized browsing
- Unknown
- Other (describe)

(5) Scope of the breach

How many people were affected by the breach?
- Very few (less than 10)
- Identified and limited group (>10 and <50)
- Large number of individuals affected (>50)
- Numbers are not known

(6) Foreseeable harm

Identify the types of harm that may result from the breach. Some relate strictly to the affected individual; but harm may also be caused to the public body and other individuals if notifications do not occur:
- Identity theft (most likely when the breach includes loss of SIN, credit card numbers, driver's licence numbers, debit card information etc.)
- Physical harm (when the information places any individual at risk of physical harm from stalking or harassment)
- Hurt, humiliation, damage to reputation (associated with the loss of information such as mental health records, medical records, disciplinary records)
- Loss of business or employment opportunities (usually as a result of damage to reputation to an individual)
- Breach of contractual obligations (contractual provisions may require notification of third parties in the case of a data loss or privacy breach)
- Future breaches due to technical failures (notification to the manufacturer may be necessary if a recall is warranted and/or to prevent a future breach by other users)
- Failure to meet professional standards or certification standards (notification may be required to a professional regulatory body or certification authority)
- Other (specify)

(7) Other factors

The nature of the public body's relationship with the affected individuals may be such that the public body wishes to notify no matter what the other factors are because of the importance of preserving trust in the relationship. Consider the type of individuals that were affected by the breach.
- Client/customer/patient
- Employee
- Student or volunteer
- Other (describe)

Risk Evaluation Summary:

For each of the factors reviewed above, determine the risk rating.

Risk Factor / Risk Rating (Low, Medium or High):
1) Containment
2) Nature of the personal information
3) Relationship
4) Cause of the breach
5) Scope of the breach
6) Foreseeable harm from the breach
7) Other factors
Overall Risk Rating

Use the risk rating to help decide whether notification is necessary and to design your prevention strategies. Foreseeable harm from the breach is usually the key factor used in deciding whether or not to notify affected individuals. Step 3 below analyzes this in more detail. In general though, a medium or high risk rating will always result in notification to the affected individuals. A low risk rating may also result in notification depending on the unique circumstances of each case.

Step 3: Notification

1. Should affected individuals be notified?

Once you have completed your overall risk rating, determine whether or not notification of affected individuals is required. If any of the following factors apply, notification should occur. If the PHIA test is satisfied, notification must occur.

Consideration: Description (check if the factor applies)
- Legislation: Health custodians in Nova Scotia must comply with sections 69 & 70 of PHIA which require notification
- Risk of identity theft: Most likely when the breach includes loss of SIN, credit card number, driver's licence number, debit card information, etc.
- Risk of physical harm: When the information places any individual at risk of physical harm from stalking or harassment
- Risk of hurt, humiliation, damage to reputation: Often associated with the loss of information such as mental health records, medical records or disciplinary records
- Loss of business or employment opportunities: Where the breach could affect the business reputation of an individual
- Explanation required: The public body may wish to notify if the affected individuals include vulnerable individuals, or where individuals require information to fully understand the events, even when the risks have been assessed as low
- Reputation of public body: Where the public body is concerned that the breach will undermine trust of citizens, the public body may decide to notify in order to ease concerns and to provide clear information regarding the risks and mitigation strategies undertaken, even when risks assessed are low

2. When and How to Notify

When: Notification should occur as soon as possible following a breach. However, if you have contacted law enforcement authorities, you should determine from those authorities whether notification should be delayed in order not to impede a criminal investigation.

How: The preferred method is direct by phone, letter, or in person. Indirect notification via website information, posted notices or media should generally only occur where direct notification could cause further harm, is prohibitive in cost, or contact information is lacking. Using multiple methods of notification in certain cases may be the most effective approach.

Considerations Favouring Direct Notification (check if applicable):
- The identities of individuals are known
- Current contact information for the affected individuals is available
- Individuals affected by the breach require detailed information in order to properly protect themselves from the harm arising from the breach
- Individuals affected by the breach may have difficulty understanding an indirect notification (due to mental capacity, age, language, etc.)

Considerations Favouring Indirect Notification (check if applicable):
- A very large number of individuals are affected by the breach, such that direct notification could be impractical
- Direct notification could compound the harm to the individuals resulting from the breach

3. What to Include in Breach Notification Letters

The information included in the notice should help the individual to reduce or prevent the harm that could be caused by the breach. Include all of the information set out below:

Essential elements in breach notification letters (check if included):
- Date of breach
- Description of breach
- Description of personal information affected
- Steps taken so far to control or reduce harm (containment)
- Future steps planned to prevent further privacy breaches
- Steps individuals can take - Consider offering credit monitoring where appropriate
- Review Officer contact information
- Individuals have a right to complain to the Review Officer
- Public body, municipality or health custodian contact information for further assistance

4. Others to contact

Authority or Organization: Reason for Contact (check if applicable)
- Law Enforcement: If theft or crime is suspected
- Review Officer:
  - For assistance with developing a procedure for responding to the breach, including notification
  - To ensure steps taken comply with obligations under privacy legislation
  - The personal information is sensitive
  - There is a risk of identity theft or other significant harm
  - A large number of people are affected
  - The information has not been fully recovered
  - The breach is a result of a systemic problem or a similar breach has occurred before
- Professional or regulatory bodies: If professional or regulatory standards require notification of the regulatory or professional body
- Insurers: Where required in accordance with an insurance policy
- Technology suppliers: If the breach was due to a technical failure and a recall or technical fix is required

Confirm notifications completed:

Key contact (check when notified):
- Privacy officer within your public body, municipality or health custodian
- Police (as required)
- Affected individuals
- Review Officer
- Professional or regulatory body - identify:
- Technology suppliers
- Others (list)

Key Steps for Organizations in Responding to Privacy Breaches

Key Steps for Organizations in Responding to Privacy Breaches Key Steps fr Organizatins in Respnding t Privacy Breaches Purpse The purpse f this dcument is t prvide guidance t private sectr rganizatins, bth small and large, when a privacy breach ccurs. Organizatins

More information

Process for Responding to Privacy Breaches

Process for Responding to Privacy Breaches Prcess fr Respnding t Privacy Breaches 1. Purpse 1.1 This dcument sets ut the steps that ministries must fllw when respnding t a privacy breach. It must be read in cnjunctin with the Infrmatin Incident

More information

Data Protection Act Data security breach management

Data Protection Act Data security breach management Data Prtectin Act Data security breach management The seventh data prtectin principle requires that rganisatins prcessing persnal data take apprpriate measures against unauthrised r unlawful prcessing

More information

Personal Data Security Breach Management Policy

Personal Data Security Breach Management Policy Persnal Data Security Breach Management Plicy 1.0 Purpse The Data Prtectin Acts 1988 and 2003 impse bligatins n data cntrllers in Western Care Assciatin t prcess persnal data entrusted t them in a manner

More information

THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM

THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM 1. Prgram Adptin The City University f New Yrk (the "University") develped this Identity Theft Preventin Prgram (the "Prgram") pursuant

More information

WHAT YOU NEED TO KNOW ABOUT. Protecting your Privacy

WHAT YOU NEED TO KNOW ABOUT. Protecting your Privacy WHAT YOU NEED TO KNOW ABOUT Prtecting yur Privacy YOUR PRIVACY IS OUR PRIORITY Credit unins have a histry f respecting the privacy f ur members and custmers. Yur Bard f Directrs has adpted the Credit Unin

More information

Privacy Breach and Complaint Protocol

Privacy Breach and Complaint Protocol Privacy Breach and Cmplaint Prtcl Effective: December 31, 2012 Apprved by: Le McKenna, CFO 1.0 General Privacy breaches and privacy cmplaints will be handled in accrdance with this prtcl. This prtcl is

More information

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments University f Texas at Dallas Plicy fr Accepting Credit Card and Electrnic Payments Cntents: Purpse Applicability Plicy Statement Respnsibilities f a Merchant Department Prcess t Becme a Merchant Department

More information

Privacy Policy. The Central Equity Group understands how highly people value the protection of their privacy.

Privacy Policy. The Central Equity Group understands how highly people value the protection of their privacy. Privacy Plicy The Central Equity Grup understands hw highly peple value the prtectin f their privacy. Fr that reasn, the Central Equity Grup takes particular care in dealing with any persnal and sensitive

More information

Guidelines for Custodians

Guidelines for Custodians Guidelines fr Custdians t assess cmpliance with the Persnal Health Infrmatin Privacy and Access Act (PHIPAA) This dcument is designed t help custdians evaluate readiness fr cmpliance with PHIPAA and t

More information

VCU Payment Card Policy

VCU Payment Card Policy VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this

More information

DisplayNote Technologies Limited Data Protection Policy July 2014

DisplayNote Technologies Limited Data Protection Policy July 2014 DisplayNte Technlgies Limited Data Prtectin Plicy July 2014 1. Intrductin This dcument sets ut the bligatins f DisplayNte Technlgies Limited ( the Cmpany ) with regard t data prtectin and the rights f

More information

Multi-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company, 2014-2021

Multi-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company, 2014-2021 Multi-Year Accessibility Plicy and Plan fr NSF Canada and NSF Internatinal Strategic Registratins Canada Cmpany, 2014-2021 This 2014-21 accessibility plan utlines the plicies and actins that NSF Canada

More information

Project Open Hand Atlanta. Health Insurance Portability and Accountability Act (HIPAA) NOTICE OF PRIVACY PRACTICES

Project Open Hand Atlanta. Health Insurance Portability and Accountability Act (HIPAA) NOTICE OF PRIVACY PRACTICES Prject Open Hand Atlanta Effective Date: April 14, 2003 Health Insurance Prtability and Accuntability Act (HIPAA) The Health Insurance Prtability and Accuntability Act f 1996 (HIPAA) directs health care

More information

Data Protection Policy & Procedure

Data Protection Policy & Procedure Data Prtectin Plicy & Prcedure Page 1 Prcnnect Marketing Data Prtectin Plicy V1.2 Data prtectin plicy Cntext and verview Key details Plicy prepared by: Adam Haycck Apprved by bard / management n: 01/01/2015

More information

FAYETTEVILLE STATE UNIVERSITY

FAYETTEVILLE STATE UNIVERSITY FAYETTEVILLE STATE UNIVERSITY IDENTITY THEFT PREVENTION (RED FLAGS RULE) Authrity: Categry: Issued by the Fayetteville State University Bard f Trustees. University-Wide Applies t: Administratrs Faculty

More information

Creating an Ethical Culture and Protecting Your Bottom Line:

Creating an Ethical Culture and Protecting Your Bottom Line: Creating an Ethical Culture and Prtecting Yur Bttm Line: Best Practices fr Crprate Cdes f Cnduct Nte: The infrmatin belw and all infrmatin n this website is nt meant t be taken as legal advice. Please

More information

Texas Woman's University University Policy Manual

Texas Woman's University University Policy Manual Texas Wman's University University Plicy Manual Plicy Name: Plicy Number: 6.06 Date Passed: July 2004 Health Insurance Prtability& Accuntability Act (HIPAA) Date Reviewed: September 2008 Next Review: September

More information

GUIDANCE FOR BUSINESS ASSOCIATES

GUIDANCE FOR BUSINESS ASSOCIATES GUIDANCE FOR BUSINESS ASSOCIATES This Guidance fr Business Assciates dcument is intended t verview UPMCs expectatins, as well as t prvide additinal resurces and infrmatin, t UPMC s HIPAA business assciates.

More information

Change Management Process

Change Management Process Change Management Prcess B1.10 Change Management Prcess 1. Intrductin This plicy utlines [Yur Cmpany] s apprach t managing change within the rganisatin. All changes in strategy, activities and prcesses

More information

Kentwood Police Department 4742 Walma Ave SE Kentwood, Michigan 49512 (616) 698-6580 http://www.ci.kentwood.mi.us REPORTING IDENTITY THEFT

Kentwood Police Department 4742 Walma Ave SE Kentwood, Michigan 49512 (616) 698-6580 http://www.ci.kentwood.mi.us REPORTING IDENTITY THEFT Kentwd Plice Department 4742 Walma Ave SE Kentwd, Michigan 49512 (616) 698-6580 http://www.ci.kentwd.mi.us REPORTING IDENTITY THEFT If yu are the victim f identity theft and ne f the fllwing cnditins are

More information

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Department f Health and Human Services OFFICE OF INSPECTOR GENERAL PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Inquiries abut this reprt may be addressed t the Office f Public Affairs

More information

HIPAA HITECH ACT Compliance, Review and Training Services

HIPAA HITECH ACT Compliance, Review and Training Services Cmpliance, Review and Training Services Risk Assessment and Risk Mitigatin: The first and mst imprtant step is t undertake a hlistic risk assessment that examines the risks and cntrls related t fur critical

More information

Chapter 7 Business Continuity and Risk Management

Chapter 7 Business Continuity and Risk Management Chapter 7 Business Cntinuity and Risk Management Sectin 01 Business Cntinuity Management 070101 Initiating the Business Cntinuity Plan (BCP) Purpse: T establish the apprpriate level f business cntinuity

More information

Security Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview

Security Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview Security Services Service Descriptin Versin 1.00 Effective Date: 07/01/2012 Purpse This Enterprise Service Descriptin is applicable t Security Services ffered by the MN.IT Services and described in the

More information

Privacy and Security Training Policy (PS.Pol.051)

Privacy and Security Training Policy (PS.Pol.051) Privacy and Security Training Plicy (PS.Pl.051) Purpse T define the plicies and prcedures fr prviding privacy and security training in respect f the CnnectingGTA Slutin. Definitins Electrnic Service Prvider

More information

First Global Data Corp.

First Global Data Corp. First Glbal Data Crp. Privacy Plicy As f February 23, 2015 Ding business with First Glbal Data Crp. ("First Glbal", First Glbal Mney, "we" r "us", which includes First Glbal Data Crp. s subsidiary, First

More information

Employees - recruitment, records and monitoring

Employees - recruitment, records and monitoring Emplyees - recruitment, recrds and mnitring This guidance has been prduced t help rganisatins cmply with the Data Prtectin Act (DPA) when recruiting and emplying wrkers. It is relevant t public sectr emplyers,

More information

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy COPIES-F.Y.I., INC. Plicies and Prcedures Data Security Plicy Page 2 f 7 Preamble Mst f Cpies FYI, Incrprated financial, administrative, research, and clinical systems are accessible thrugh the campus

More information

Scotiabank Group Privacy Agreement

Scotiabank Group Privacy Agreement Sctiabank Grup Privacy Agreement Last revised Octber 2010 Yur privacy is imprtant t Sctiabank. This Agreement sets ut the infrmatin practices fr Sctiabank Grup Members in Canada, including what type f

More information

WORKPLACE INJURY/ILLNESS/INCIDENT INVESTIGATION & REPORTING POLICY (BC VERSION)

WORKPLACE INJURY/ILLNESS/INCIDENT INVESTIGATION & REPORTING POLICY (BC VERSION) WORKPLACE INJURY/ILLNESS/INCIDENT INVESTIGATION & REPORTING POLICY (BC VERSION) Intrductin: Hw t Use This Tl As d all ther jurisdictins, BC requires emplyers t investigate and reprt specific kinds f wrkplace

More information

Malpractice and Maladministration Policy

Malpractice and Maladministration Policy TR340 Malpractice and Maladministratin Plicy This plicy aims t: Define malpractice and maladministratin in the cntext f CIM/CAM studying members, Accredited study centres (ASCs), examinatin centres, invigilatrs

More information

NYU Langone Medical Center NYU Hospitals Center NYU School of Medicine

NYU Langone Medical Center NYU Hospitals Center NYU School of Medicine Title: Identity Theft Prgram Effective Date: July 2009 NYU Langne Medical Center NYU Hspitals Center NYU Schl f Medicine POLICY It is the plicy f the NYU Langne Medical Center t educate and train staff

More information

FINANCIAL OPTIONS. 2. For non-insured patients, payment is due on the day of service.

FINANCIAL OPTIONS. 2. For non-insured patients, payment is due on the day of service. FINANCIAL OPTIONS 1. Fr thse patients wh carry dental insurance, all c-payments are due n date f service. We will file yur claim as a service t yu, and will d ur very best t maximize yur benefits. We accept

More information

Environment Protection Authority

Environment Protection Authority Envirnment Prtectin Authrity EPA Cmplaints Management Plicy Intrductin This plicy sets ut the purpse, principles and prcess fr hw custmer feedback, including cmplaints, will be managed in the EPA t imprve

More information

DATA REQUEST GUIDELINES
