Leaders in privacy, compliance & information governance solutions

Welcome. Log in or create an account for AccessPrivacy.com

New Accountability Guidance: Regulatory Expectations for Privacy Management Programs

April 17, 2012

Important new regulatory guidance on accountability, entitled Getting Accountability Right with a Privacy Management Program, was jointly released today by the Office of the Privacy Commissioner of Canada (OPC), and the Offices of the Information and Privacy Commissioners (OIPCs) of Alberta and British Columbia.  The new, 19-page guidance document sets out the details of Canadian privacy regulatory authorities' expectations for a comprehensive privacy management program. The guidance addresses the necessity for:

  • Organizational commitment, such as an internal governance structure, the appointment of a privacy officer, and reporting mechanisms;

  • Program controls, such as personal information inventories, the development of policies and protocols, risk assessment tools, service provider management, and training and education programs; and

  • Elements for the maintenance of a privacy management program to ensure ongoing effectiveness, compliance and accountability.

In addition, the OPC released an Interpretations Bulletin on Accountability that outlines statutory provisions related to accountability under the Personal Information Protection and Electronic Documents Act and how the provisions have been interpreted by the courts and the OPC. 

We will discuss the new guidance in detail on our next Monthly Privacy Call on April 25, 2012.  The accountability guidance will also be a focus of discussion at the AccessPrivacy 2012 Annual Privacy Conference to be held on June 7th, 2012 at Heenan Blaikie's offices in Toronto. 

If you received this e-newsletter and are not already on our distribution list, you can sign up here to have our free e-newsletter delivered to your inbox.

PIPEDA; Share This