1 Video Surveillance MC Approval: December 2001 Policy Responsibility: Director, Corp. Comm. & PA Contact name: FOI Coordinator Purpose To ensure that all applications of video surveillance in BCBC-administered buildings are authorized and are compliant with the Freedom of Information and Protection of Privacy Act (FOI/POP Act); and, To establish standards for security and privacy. Policy 1. Video surveillance shall be used only for the protection of the safety of employees, customer occupants, and assets and property of BCBC and its clientele. 2. Video surveillance will not occur in staff lunchrooms, nor in areas where there is an expectation of privacy, e.g., washrooms, change rooms, etc. Note, cameras in correctional facility cells must have signage displayed advising of cameras. 3. Covert surveillance (i.e., hidden cameras without signage) should only be used when it is determined to be the only available option. See Item 2 under Application. 4. All areas subject to surveillance will be identified to those in the area by way of signage. See Appendix 1 for recommended wording. Roof-top cameras also require signage that is visible to the public. 5. Surveillance applications will be monitored by authorized personnel only. 6. Any records (videotapes, still photographs, digital images, etc.) produced by surveillance systems shall be kept in a secure, locked facility or manner and managed appropriately by the customer to protect legal obligations and evidentiary values. 7. Each video surveillance application will document procedures for achieving these principles and position(s) responsible (e.g., times that cameras are operational, where signage will be located, etc.). Note: One site is an application if all cameras are being used for the same purpose. If different cameras are being used for different purposes, then they are different applications. 8. Dummy (intentionally non-operational) cameras shall NOT employ signage indicating surveillance is taking place. 2
2 - page 2 - Application 1. This policy applies to all buildings owned, leased or administered by BCBC. If a building is occupied by BCBC, BCBC is considered the customer for the purposes of this policy. 2. This policy does not apply to surveillance activities of law enforcement agencies engaged in a lawful investigation. However, routine video surveillance in court or correctional facilities is subject to the same rules regarding privacy as any other public body. Each application, therefore, still requires that a privacy impact assessment be completed and that requirements of the FOI/POP Act have been addressed. For covert surveillance, a detailed and comprehensive assessment must be conducted and authorized by a senior level of corporate management and the FOI Coordinator prior to the decision to implement. This is to ensure that it is the only available option and that benefits derived from the material obtained far outweigh the violation to the privacy rights of the subjects being observed. 3. Appropriate signage will be created and installed as part of BCBC s usual customer service following a signed Request for Service form or minor client request. See Appendix 1 for suggested wording. 4. There are certain mandatory requirements that must be fulfilled prior to the installation of video surveillance. See Appendix 2 - Procedures for listed requirements. Responsibility Customers requesting the installation of video surveillance will assume all responsibility for the justification, compliance and on-going administration of surveillance systems, including any recorded material produced. See Policy Items 5 through 7 for a specific listing of these customer responsibilities. Customers are responsible for designating a contact person to ensure compliance with this policy and related procedures. This person will be responsible for: Communication with appropriate staff and employee representatives (i.e., Unions) will be the responsibility of the customer contact person. Any training required for surveillance purposes will also be the responsibility of the customer.
3 Responsibility (continued) Prior to the installation of a surveillance system, BCBC s appropriate contact person shall be responsible for communicating this corporate policy to their customer. In support of their customers, BCBC, through district office staff, will assume responsibility for the installation and on-going maintenance for such systems, as negotiated with the customer, as they would for other tenant improvements. BCBC will ensure that all installations of video surveillance completed by BCBC will conform to this policy. The Director, Corporate Communications and Public Affairs, is responsible for review of the policy and any future revisions. The Vice President, Property Management, will be responsible for the application of this Policy.
4 Appendix 1 Video Surveillance Signage Clearly visible signage, identifying the use of video surveillance cameras, must be installed in the building entrance and/or parking garage, and wherever else there are cameras. Suggested wording: This area is monitored by video camera. For further information, please contact the Manager, Central Services, Each ministry/agency will designate a contact person for each application.
5 Appendix 2 Procedures 1. Completion and approval of a Request for Services form, which covers both surveillance equipment and installation as well as appropriate signage. 2. Approval from building owner (if other than BCBC). 3. Completion and approval of a Privacy Impact Assessment form by customer. See Appendix 3. For your information and use, blank forms of the Privacy Impact Assessment are available at (Select the Privacy Impact Assessment Process button.)
6 Appendix 3 PRIVACY IMPACT ASSESSMENT FORM (revised November 1, 2001) CONSULTATIONS WITH PRIVACY EXPERTS ON SPECIFIC QUESTIONS Even though the revised PIA has been designed with a view to being completed, at least in part, by program staff, there are a number of questions in the PIA where consultations with privacy experts are recommended if not required. These questions have been designated with an asterisk in the margin. (I) BASIC INFORMATION 1. Ministry/Public Body and Program Area. 2. Contact Position and/or Name, Telephone Number and Address (this should be the name of the individual most qualified to respond to questions regarding the PIA). 3. Description of the Program/System/Legislation/Other (Initiative) being assessed. (Note here if the initiative does not collect, use or disclose personal information). If this is a change to an existing legislation, system or program, describe the current system or program and the proposed changes. (II) DESCRIPTIVE INFORMATION 1. Describe the elements of personal information that will be collected, used or disclosed and the nature and sensitivity of the personal information. 2. Purpose/Objectives of the Initiative (if statutory, provide citation). * 3. What are the potential impacts of this proposal? (Include privacy impacts in this description)
7 4. Provide details of any previous PIA or other form of personal information assessment done on this Initiative (in whole or in part). 5. Provide a description (either a narrative or flowchart) of the linkages and flows of personal information collected, used and/or disclosed. (III) PERSONAL INFORMATION COLLECTION (Sections 26 and 27 of the Freedom of Information and Protection of Privacy Act (FOIPP Act) 1. Authorization for Collection: No personal information may be collected by or for a public body unless authorized under the FOIPP Act (as covered by numbers i, ii, or iii below). Definition: Collect means to bring or come together; assemble; accumulate; obtain (taxes, contributions, etc.) from a number of people; receive money. (i). Has the collection of personal information been specifically authorized by, or under, an Act? Yes No If Yes, please specify the name of the Act and relevant section. (ii). Has the personal information been collected for law enforcement purposes? Yes No Definition: Law enforcement" means (a) policing, including criminal intelligence operations; (b) investigations that lead or could lead to a penalty or sanction being imposed; or, (c) proceedings that lead or could lead to a penalty or sanction being imposed. * (iii). Is the personal information directly related to, and necessary for, an operating program or activity of the public body? Yes No If none of the above questions have been answered "Yes," your office does not have the authority under the FOIPP Act to collect the personal information in question. Please contact your Director/Manager of Information and Privacy (DMIP) for ministries or the position responsible for FOI and Privacy Coordination (FOIPP Coordinator) for other public bodies. 2. How will the personal information be collected? A public body must collect personal information directly from the individual the information is about, with certain specific exceptions.
8 Direct Collection (i). Will the personal information be collected directly from the individual that the information is about? Yes No If you are only collecting personal information directly as noted above, you will not need to do the next section on indirect collection. Indirect Collection If the personal information has not been collected directly from the individual it is about, check which of the following authorizes the indirect collection: (i). Did the individual the information is about authorize another method of collection? (ii). Has indirect collection been authorized by the Information and Privacy Commissioner? (iii). Has indirect collection been authorized by another enactment? Specify name of Act and relevant section(s). (iv). Is the personal information being collected for the purpose of determining suitability for an honour or award including an honorary degree, scholarship, prize or bursary? (v). Is the personal information being collected for the purpose of a proceeding before a court or a judicial or quasi judicial tribunal? (vi). Is the personal information being collected for the purpose of collecting a debt or fine or making a payment? (vii). Is the personal information being collected for the purpose of law enforcement? * (viii). Is a public body collecting personal information disclosed to it under sections 33 to 36 of the FOIPP Act? Specify relevant section(s) or subsections that apply. Additional details as required (e.g., explanation of method of collection). If none of the above authorities have been checked, your office does not have the authority under the FOIPP Act to collect the personal information in question. Please contact your DMIP or FOIPP Coordinator.
9 3. Notification to collect information A public body must not collect personal information from an individual without notifying them of the collection as outlined below. (i). Has the individual whose personal information is being collected, been informed of: (a) the purpose for collection? Yes _ No _ (b) the legal authority for collecting it? Yes _ No _ (c) the contact information of the person who can answer questions regarding the collection? Yes _ No _ Notification is not required if the answer is yes to either of the following: (ii). Is the personal information about law Enforcement or anything referred to in Section 15(1) or (2) of the FOIPP Act? Yes _ No _ (iii). Has the minister responsible for the FOIPP Act excused your public body from complying because it would: (a) result in the collection of inaccurate information, or (b) defeat the purpose or prejudice the use for which the personal information is collected? Yes _ No _ Additional details as required (e.g., method of notification). If you have not provided the required notification as outlined in Section (i) above, please contact your DMIP or FOIPP Coordinator. (IV) USE OF PERSONAL INFORMATION (Section 32 of the FOIPP Act) Under the FOIPP Act, personal information held by public bodies may only be used for certain specified purposes as outlined below. Definition: "use" of personal information means employing it to accomplish the public body's objectives; for example, to administer a program or activity, to provide a service or to determine someone's eligibility for a benefit or suitability for a job. Definition: consistent means for the purposes for which the information was obtained or compiled if the use (a) has a reasonable and direct connection to that purpose, and (b) is necessary for performing the statutory duties of, or for operating a legally authorized program of, the public body that uses or discloses the information. The public body must check one or more of the authorities listed below. 1) Has the individual the personal information is about consented to the use? Note: Supporting documentation must be on file. 2) Will the information be used only for the purpose for which it was obtained or compiled or for a use consistent with the original purpose?
10 Please provide details of the original purpose for which the personal information was obtained or compiled. Please also provide, if applicable, details of the consistent/secondary use. * 3) If the personal information was disclosed to the public body under sections 33 to 36, is the information being used for that same purpose? Specify subsection(s) that are being applied. If you have not checked one of the above, you do not have the authority to use the information. Please contact your DMIP or FOIPP Coordinator. (V) DISCLOSURE OF PERSONAL INFORMATION (Sections 33, 35, 36 of the FOIPP Act) A public body may disclose personal information only as authorized under the FOIPP Act (as noted below). It should be noted that section 33 of the FOIPP Act also authorizes the disclosure of personal information in responding to FOI requests. Definition: "Disclose/disclosure" means to reveal, show, expose, provide copies of, sell, give or tell (personal or non-personal information or records). 1. Disclosure of Personal Information (Section 33) Section 33 of the FOIPP Act provides the legislative authority to disclose personal information; i.e., personal information cannot be disclosed unless authorized by section 33. Please check the main authorization(s) for disclosure below. (i). If the individual the information is about has identified the information and consented to its disclosure, (Note: Supporting documentation must be on file) (ii). For the purpose for which it was obtained or compiled or for a use consistent with that purpose (see section 34), Please provide details of the original purpose for which the personal information was obtained or compiled. Please also provide, if applicable, details of the consistent/ secondary use. (iii). For the purpose of complying with an enactment of, or with a treaty, arrangement or agreement made under an enactment of, British Columbia or Canada, Specify name of Act and relevant section(s).
11 (iv). For the purpose of complying with a subpoena, warrant or order issued or made by a court, person or body with jurisdiction to compel the production of information, (v). To an officer or employee of the public body or to a minister, if the information is necessary for the performance of the duties of, or for the protection of the health or safety of, the officer, employee or minister, (vi). To the Attorney General for use in civil proceedings involving the government, (vii). To the Attorney General or a person referred to in section 36 of the Coroners Act, for the purposes of that Act, (viii). For the purpose of collecting a debt or fine owing by an individual to the government of British Columbia or to a public body, or making a payment owing by the government of British Columbia or by a public body to an individual, (ix). To the auditor general or any other prescribed person or body for audit purposes, (x). To a member of the Legislative Assembly who has been requested by the individual the information is about to assist in resolving a problem, (xi). To a representative of the bargaining agent who has been authorized in writing by the employee whom the information is about, to make an inquiry, (xii). To the British Columbia Archives and Records Service, or the archives of a public body, for archival purposes, (xiii). To a public body or a law enforcement agency in Canada to assist in an investigation (i) undertaken with a view to a law enforcement proceeding, or (ii) from which a law enforcement proceeding is likely to result, (xiv). If the public body is a law enforcement agency and the information is disclosed (i) to another law enforcement agency in Canada, or (ii) to a law enforcement agency in a foreign country under an arrangement, written agreement, treaty or legislative authority, (xv). If the head of the public body determines that compelling circumstances exist that affect anyone's health or safety and if notice of disclosure is mailed to the last known address of the individual the information is about,
12 (xvi). So that the next of kin or a friend of an injured, ill or deceased individual may be contacted. Additional details as required. If you have not checked any of the above authorizations for disclosure or require clarification, you should contact your DMIP or FOIPP Coordinator. 2. Systematic or Repetitious Disclosures/Exchanges (i). Do the disclosures of personal information under section 33 occur on a regular basis? Yes No (ii). Has an Information Sharing Agreement been Completed for these disclosures/exchanges? Yes No (iii). Has information related to the Information Sharing Agreements(s) been entered into the Personal Information Directory? Yes No Personal information exchanges within a public body do not normally require an ISA if they are for a consistent purpose as defined under section 33(c) of the Act or are necessary for the performance of an employee of the public body under section 33 (f). However, depending on the nature and sensitivity of the personal information exchanged, the public body might choose to prepare an ISA or similar written statement of understanding. 3. Research or Statistical Purposes (under Section 35 of the FOIPP Act) (i). Has a researcher requested access to personal information in an identifiable form for research purposes? Yes No If yes, a research agreement that conforms to the criteria established in section 35(d) must be in place. Contact your DMIP or FOIPP Coordinator for assistance. Please note: research using personal information may only be conducted if it meets all of the terms of section Archival or Research Purposes (under Section 36 of the FOIPP Act) The British Columbia Archives, or the archives of a public body, may disclose personal information for archival or historical purposes as authorized by Section 36. Please check the authorization(s) for disclosure listed below. * (i). the disclosure would not be an unreasonable invasion of personal privacy under Section 22. (ii). the disclosure is for historical research and is in accordance with section 35 (research agreements) (iii). the information is about someone who has been dead for 20 or more years. _ (iv). the information is in a record that has been in existence for 100 or more years. _
13 Additional details as required. If you have not checked any of the above authorizations for disclosure or require clarification, you should contact your DMIP or FOIPP Coordinator. (VI) ACCURACY AND CORRECTION OF PERSONAL INFORMATION (Sections 28 and 29 of the FOIPP Act) If an individual s personal information will be used by a public body to make a decision that directly affects the individual, the public body must make every reasonable effort to ensure that the information is accurate and complete. An individual must also have the ability to access to, or have corrected or annotated their personal information or a period of one year after a decision has been made based upon the personal information. (i). Are there procedures in place to enable an individual to request/review a copy of their own personal information? Yes No (ii). Are there procedures in place to correct or annotate an individual s personal information if requested including what source was used to up-date the file? Yes No (iii). If personal information is corrected, are there procedures in place to notify other holders of this information? Yes No If yes, please provide the name of the policy and/or procedures, a contact person and phone number. Additional details as required. If any of the questions above have been answered "No", please contact your DMIP or FOIPP Coordinator for further clarification. (VII) SECURITY ARRANGEMENTS FOR THE PROTECTION OF PERSONAL INFORMATION (Section 30 of the FOIPP Act) Note: For PIAs related to new or existing systems, this section should be completed by the branch of the ministry responsible for systems maintenance and security and signed off, by this branch, in the Signatures section. For PIAs that do not involve systems initiatives, this section should be completed by the Branch or DMIP/FOI Coordinator completing the PIA. In this case, the signature of the systems representative is not required.
14 A public body must protect personal information by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure or disposal. GMOP Section requires public bodies to conduct a Security Threat Risk Assessment for information systems. Definition: "Reasonable security arrangements" are those which a fair, rational person would think were appropriate to the sensitivity of the information and to the medium in which it is stored, transmitted, handled, or transferred. A sliding scale of security arrangements is appropriate, depending on the sensitivity of the personal information that a public body handles. 1) Is there reasonable technical security in place to protect against unauthorized access or disclosure? Yes No Please explain. 2) Is there reasonable physical security in place to protect against unauthorized access or disclosure? Yes No Please explain. 3) Are there branch policies and procedures in place for the security of personal information during routine collection, use and disclosure of the information? Yes No If yes, please provide the name of the policy and/or procedures, a contact person and phone number. 4) Have user access profiles been assigned on a need to know basis? Yes No 5) Do controls and procedures exist for the authority to add, change, or delete personal information? Yes No 6) Does your system security include an on-going audit process that can track use of the system (e.g., when and who accessed and updated the system)? Yes No Please explain the audit process and indicate how frequently audits are undertaken and under what circumstances. Does the audit identify inappropriate accesses to the system? Yes No _
15 Additional details as required. If any of the questions above have been answered "No", please contact your DMIP or FOIPP Coordinator. (VIII) RETENTION OF PERSONAL INFORMATION (SECTION 31) If a public body uses an individual s personal information to make a decision that directly affects the individual, the public body must retain that information for at least one year after using it so that the individual has a reasonable opportunity to obtain access to it. 1) Do you have an approved records retention and disposition schedule? Yes No 2) Is there a records retention schedule to ensure information used to make a decision that directly affects an individual is retained for at least one year after use? Yes No If you answered "No" to the above questions, your procedures may need to be revised. Please contact your DMIP or Records Officer. Note: Records of provincial public bodies and specifically designated organizations/public bodies cannot be destroyed unless approval is granted under the authority of the Document Disposal Act. Please consult with a Records Officer to initiate the records scheduling process. (IX) DIRECTOR/MANAGER OF INFORMATION AND PRIVACY (DMIP) OR FOIPP COORDINATOR REVIEW 1) Have you contacted the individual responsible for the completion of the PIA to discuss the information submitted, in particular those questions identified by an Asterisk? Yes No 2) Does the Initiative meet the requirements of the FOIPP Act? Yes _ No _ 3) Is there a mechanism in place to review this PIA as appropriate to ensure the information remains current? Yes _ No _ Are you satisfied that the policies/procedures for correction and/or annotation are adequate?
16 If there is additional information that would support the intended collection, use or disclosure of the personal information, please either insert in the appropriate text box or append to the PIA. Comments
17 X) SIGNATURES: PUBLIC BODY APPROVAL: Program Manager (if appropriate) Date Director/Manager of Information Information and Privacy/FOIPP Coordinator Date Ministry Contact Responsible for Systems Maintenance and Security [this signature only required for PIAs on new or existing systems] Date Assistant Deputy Minister or Equivalent Date MINISTRY OF MANAGEMENT SERVICES REVIEW: Corporate Information and Privacy Advisor Date Director, Corporate Privacy and Information Access Date
PRIVACY IMPACT ASSESSMENT I BASIC INFORMATION - New or Eisting Program, System or Legislation 1. Public Body and Program Area. School District Initiative Title School District 70 (Alberni) Office 365 for
1 The Health Information Protection Act being Chapter H-0.021* of the Statutes of Saskatchewan, 1999 (effective September 1, 2003, except for subsections 17(1), 18(2) and (4) and section 69) as amended
Province of Alberta Statutes of Alberta, Current as of December 17, 2014 Office Consolidation Published by Alberta Queen s Printer Alberta Queen s Printer 7 th Floor, Park Plaza 10611-98 Avenue Edmonton,
A Guide to Ontario Legislation Covering the Release of Students Personal Information Revised: June 2011 Ann Cavoukian, Ph.D. Information and Privacy Commissioner, Ontario, Canada Commissioner, Ontario,
Personal Data Protection Policy and Practices ( the Policy ) FWD Life Insurance Company (Bermuda) Limited ("the Company") is committed to implementation and compliance with the provisions of the Personal
Date: August 29, 2012 File No.: 2008/101 SASKATCHEWAN OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER INVESTIGATION REPORT F-2012 003 Saskatchewan Workers Compensation Board Summary: The Commissioner
PBGC-19: Office of General Counsel Case Management System Excerpted from Federal Register: Sept. 9, 2014 (Volume 79, Number 174) General Routine Uses System Name: Office of General Counsel Case Management
SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL (AHS AND
Province of Alberta HEALTH INFORMATION ACT Revised Statutes of Alberta 2000 Current as of June 17, 2014 Office Consolidation Published by Alberta Queen s Printer Alberta Queen s Printer 7 th Floor, Park
Page 2 TABLE OF CONTENTS INTRODUCTION...3 THE FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY ACT...3 THE INFORMATION AND PRIVACY COMMISSIONER...5 RECORDS AND REQUESTING ACCESS...6 REQUESTING A REVIEW
First Session Tenth Parliament Republic of Trinidad and Tobago REPUBLIC OF TRINIDAD AND TOBAGO Act No. 13 of 2011 [L.S.] AN ACT to provide for the protection of personal privacy and information [Assented
SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING AMONG ALBERTA HEALTH SERVICES, PARTICIPATING OTHER CUSTODIAN(S) AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) ELECTRONIC MEDICAL RECORD INFORMATION
Province of Alberta HEALTH INFORMATION ACT Revised Statutes of Alberta 2000 With amendments in force as of May 16, 2003 Office Consolidation Published by Alberta Queen s Printer Queen s Printer Bookstore
FOIP: A Guide Revised November 2006 (updated to reflect A.R. 186/2008) ISBN 0-7785-3699-8 Produced by: Access and Privacy Service Alberta 3rd Floor, 10155 102 Street Edmonton, Alberta, Canada T5J 4L4 Office
Conducting Surveys: A Guide to Privacy Protection Revised January 2007 (updated to reflect A.R. 186/2008) ISBN 978-0-7785-6101-9 Produced by: Access and Privacy Service Alberta 3rd Floor, 10155 102 Street
AUDIT REPORT OF THE PRIVACY COMMISSIONER OF CANADA Passenger Protect Program Transport Canada Section 37 of the Privacy Act 2009 AUDIT OF PASSENGER PROTECT PROGRAM, TRANSPORT CANADA The audit work reported
Introduction Canada is part of a global economy based on the creation, processing, and exchange of information. The technology underlying the information economy provides a number of benefits that improve
GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS December 2005 2 GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS I. OBJECTIVE... 1 II. SCOPE... 1 III. APPLICATION OF LOCAL LAWS...
Akzo Nobel N.V. Executive Committee Rules 7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data Source Directive Content Owner Directive 7.08 Protection of Personal Data AkzoNobel Legal
Effective: Feb 18, 2015 Executive Director Replaces: 2010 Policy Page 1 of 5 REFERENCE: HIGH FIVE 1.4.3, 2.2.4, 2.5.3, PIDEDA POLICY: Our Commitment Boys and Girls Clubs of Kawartha Lakes (BGCKL) and the
New South Wales Casino, Liquor and Gaming Control Authority Act 2007 No 91 Contents Part 1 Part 2 Preliminary Page 1 Name of Act 2 2 Commencement 2 3 Definitions 2 4 Meaning of gaming and liquor legislation
Accountable Privacy Management in BC s Public Sector Contents Accountable Privacy Management In BC s Public Sector 2 INTRODUCTION 3 What is accountability? 4 Steps to setting up the program 4 A. PRIVACY
HSBC Privacy Notice HSBC's Privacy Principles HSBC Bank Canada is a subsidiary of HSBC Holdings plc which, together with its subsidiaries and affiliates, is one of the world s largest banking and financial
ch3600a00a 02-12-00 01:13:30 ACTA Unit: PAGA Rev RA Proof, 29.11.2000 Freedom of Information Act 2000 CHAPTER 36 ARRANGEMENT OF SECTIONS Part I Access to information held by public authorities Right to
Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection
Camera Use Policy Type: Administrative Responsible Office: VCU Police Department Initial Policy Approved: 12/04/2015 Current Revision Approved: New Policy Statement and Purpose VCU is committed to enhancing
Kimmel Chaplain Pharmacy NCPDP: 1413018 205 Bailey Lane Benton, IL 62812 Notice of Privacy Practices THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET
THE EAST AFRICAN COMMUNITY STATUTORY INSTRUMENTS SUPPLEMENT No. 1 11th May, 2012. to the East African Community Gazette No. 7 of 11th May, 2012. Printed by the Uganda Printing and Publishing Corporation,
NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. IF YOU HAVE ANY
INFORMATION SECURITY GUIDE Cloud Computing Outsourcing Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Background...2 2. Legislative and Policy Requirements...3 3.
1 PRIVACY NOTICE THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. This Privacy Notice is being
CLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING? Lindsey Finch Senior Global Privacy Counsel Salesforce.com firstname.lastname@example.org David T.S. Fraser Partner McInnes Cooper David.email@example.com
Departmental Directive on the Management of Information in the Student Record and Other Records Pertaining to Students 1998 Minister's Message The development of this Directive coincides with the requirement
Privacy fact sheet 17 Australian Privacy Principles January 2014 From 12 March 2014, the Australian Privacy Principles (APPs) will replace the National Privacy Principles Information Privacy Principles
HIPAA Employee Training Guide Revision Date: April 11, 2015 What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 (also known as Kennedy- Kassebaum Act ). HIPAA regulations address
DATA USE AGREEMENT This Data Use Agreement (the Agreement ), effective as of the day of, 20, is by and between ( Covered Entity ) and ( Limited Data Set Recipient or Recipient ) (collectively, the Parties
The Union of Myanmar The State Peace and Development Council The Electronic Transactions Law ( The State Peace and Development Council Law No. 5/2004 ) The 12th Waxing of Kason 1366 M.E. (30th April, 2004)
The USA Patriot Act Government Briefing Kirsten Tisdale, Chris Norman, Sharon Plater & Alexandra (Gina) Henley September 30, 2004 Agenda Background Overview of Government Responses and Approach Mitigation
GUIDELINES FOR RESPONSIBLE USE OF IDENTITY MANAGEMENT SYSTEMS When used appropriately, identity management systems provide safety and security where they are needed. When used improperly, identity management
1 ARCHIVES AND PUBLIC RECORDS MANAGEMENT c. A-26.11 The Archives and Public Records Management Act being Chapter A-26.11* of The Statutes of Saskatchewan, 2015 (effective August 24, 2015). *NOTE: Pursuant
Frequently Asked Questions for Metis Settlements The Freedom of Information and Protection of Privacy (FOIP) Act aims to strike a balance between the public s right to know and the individual s right to
Best Practices for Protecting Individual Privacy in Conducting Survey Research (Full Version) April 1999 Information and Privacy Commissioner/Ontario 80 Bloor Street West Suite 1700 Toronto, Ontario M5S
PIPEDA Self-Assessment Tool Personal Information Protection and Electronic Documents Act table of contents Why this tool is needed... 3 How to use this tool... 4 PART 1: Compliance Assessment Guide Principle
PUBLIC LAW 96-226 APR. 3, 1980 94 STAT. 311 Public Law 96-226 96th Congress An Act To improve budget management and expenditure control by revising certain provisions relating to the Comptroller General
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
HIPAA NOTICE TO PATIENTS THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. Federal regulations
Atlanta Insomnia & Behavioral Health Services, P.C. 315 West Ponce de Leon Ave Suite 1051 Decatur, GA 30030 404-378-0441 Health Insurance Portability and Accountability Act (HIPAA) NOTICE OF PRIVACY PRACTICES
Province of Alberta FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY ACT Revised Statutes of Alberta 2000 Current as of December 11, 2013 Office Consolidation Published by Alberta Queen s Printer Alberta
FREEDOM OF INFORMATION AND 1 The Freedom of Information and Protection of Privacy Act being Chapter of the Statutes of Saskatchewan, 1990-91, as amended by the Statutes of Saskatchewan, 1992, c.62; 1994,
HIPAA PRIVACY NOTICE THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN OBTAIN ACCESS TO THIS INFORMATION. INTRODUCTION PLEASE REVIEW IT CAREFULLY Moriarty
MEDICAL RECORDS ACCESS GUIDE IOWA Parsonage Vandenack Williams LLC Attorneys at Law Parsonage Vandenack Williams LLC 2008 For more information, contact firstname.lastname@example.org TABLE OF CONTENTS Iowa...1 Patient
Province of Alberta VICTIMS OF CRIME ACT Revised Statutes of Alberta 2000 Current as of November 1, 2013 Office Consolidation Published by Alberta Queen s Printer Alberta Queen s Printer 7 th Floor, Park
Public School Network Access and Use Policy Nova Scotia Department of Education October 7, 2011 1 Public School Network Access and Use Policy Nova Scotia Department of Education October 7, 2011 This policy
Calgary North - One Executive Place Calgary, Alberta FINAL REPORT November 2007 Submitted by: Alberta Employment, Immigration Calgary North - One Executive Place Canada Alberta Service Centre In consultation
7. PROTECTION OF PRIVACY Overview This chapter covers the obligations of public bodies regarding the collection, use and disclosure of personal information; the accuracy of personal information; the retention
English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Data Protection (FADP) 235.1 of 19 June
Spotlight on Animal Health Business Operations: A Legal Update Husch Blackwell LLP March 5, 2015 I. Potential Agency Inspections A. Federal Agencies Understanding and Preparing for Governmental Inspections
Wyoming School Boards Association Insurance Trust ( The Plan ) HEALTH CARE PLAN PRIVACY NOTICE THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS
Guide to Identifying Personal Information Banks Revised April 2004 ISBN 0-7785-2089-7 Produced by: Access and Privacy Service Alberta 3rd Floor, 10155-102 Street Edmonton, Alberta, Canada T5J 4L4 Office
UNIFORM ELECTRONIC TRANSACTIONS ACT Act 305 of 2000 AN ACT to authorize and provide the terms and conditions under which information and signatures can be transmitted, received, and stored by electronic
0 E-DISCOVERY IN CANADA Todd J. Burke Kelly Friedman Andrew J. McCreary James Morton Susan Nickle Vincenzo Rondinelli Glenn Smith James Swanson Susan Wortzman Foreword by The Honourable Colin L. Campbell
Protecting your privacy Table of Contents Answering your questions about privacy Your privacy... 1 Your consent... 1 Answering your questions about privacy... 2 About cookies... 9 Behavioural Advertising/Online
HENRY COUNTY POLICIES AND PROCEDURES FOR COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 HIPAA 1 Amended January 23, 2014 This HIPAA compliance manual was prepared for the
CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential
POLICY TEMPLATE Video Surveillance Category: Approval: Responsibility: Date: Operations PVP VP Finance and Administration Date initially approved: November 5, 2013 Date of last revision: same Definitions:
for the Physical Access Control System DHS/ALL 039 June 9, 2011 Contact Point David S. Coven Chief, Access Control Branch (202) 282-8742 Reviewing Official Mary Ellen Callahan Chief Privacy Officer (703)
Province of Alberta Statutes of Alberta, Current as of June 1, 2013 Office Consolidation Published by Alberta Queen s Printer Alberta Queen s Printer 7 th Floor, Park Plaza 10611-98 Avenue Edmonton, AB
MENTAL HEALTH TRIBUNAL FOR SCOTLAND: RECORDS MANAGEMENT POLICY Index: Introduction Information is a Corporate Resource Personal Responsibility Information Accessibility Keeping Records of what we do Ensuring
Questions and answers for custodians about the Personal Health Information Privacy and Access Act (PHIPAA) This document provides answers to some frequently asked questions about the The Personal Health
PRIVACY AND CREDIT REPORTING POLICY 12 March 2014 CONTENTS What is personal information?...3 Information we may collect, use and disclose about you...4 Collection of sensitive information...6 How personal
Identity Cards Act 2006 CHAPTER 15 Explanatory Notes have been produced to assist in the understanding of this Act and are available separately 6 50 Identity Cards Act 2006 CHAPTER 15 CONTENTS Registration
Fair Credit Reporting Act Compliance Guide FAIR CREDIT REPORTING ACT TABLE OF CONTENTS Page I. INTRODUCTION...1 A. Increased Applicant and Employee Rights...1 B. What is a "Consumer Report?"...1 C. What
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION PLEASE REVIEW IT CAREFULLY. DEFINITIONS PROTECTED HEALTH INFORMATION (PHI):
New Hampshire Statutes Title 31 Trade and Commerce Chapter 359-B Consumer Credit Reporting 359-B:22 Definitions. In this subdivision: I. "Identity theft" means the unauthorized taking or use of an individual's
UNIVERSITY PHYSICIANS OF BROOKLYN, INC. POLICY AND PROCEDURE Subject: MENTAL HEALTH INFORMATION Page 1 of 6 No: Prepared by: Shoshana Milstein Original Issue Date: NEW Reviewed by: HIPAA Policy & Procedure
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...
HIPAA NOTICE OF PRIVACY PRACTICES Human Resources Department 16000 N. Civic Center Plaza Surprise, AZ 85374 Ph: 623-222-3532 // Fax: 623-222-3501 TTY: 623-222-1002 Purpose of This Notice This Notice describes
Personal Information Protection Act (PIPA) Privacy & Landlord - Tenant Matters Frequently Asked Questions Are landlords in Alberta bound by privacy law? Yes. The Personal Information Protection Act (PIPA)
QUO FA T A F U E R N T BERMUDA INTERNATIONAL COOPERATION (TAX INFORMATION EXCHANGE 2005 : 47 TABLE OF CONTENTS 1 2 3 4 4A 5 5A 6 6A 7 8 8A 9 10 11 12 Short title Interpretation Duties of the Minister Grounds