PIPA PRESENTATION - PowerPoint PPT Presentation

1 / 15

About This Presentation

Title:

PIPA PRESENTATION

Description:

Number of Views:41

Avg rating:3.0/5.0

Slides: 16

Provided by: res76

Category:

Tags: pipa | presentation | hackers | passwords

Transcript and Presenter's Notes

Title: PIPA PRESENTATION

1
PIPA PRESENTATION

2
WHAT IS PIPA?

Protection for personal information held by the
private sector
Common sense rules for the collection, use,
disclosure, retention and security of personal
information
A response to national and international
developments

3
WHAT IS PERSONAL INFORMATION?

Defined as Information about an Identifiable
Individual
Broad Coverage
Applies to personal information (in general) not
just when it is used for commercial purposes
Includes Employee and Volunteer information
Does not include
Contact Information
Work Product Information

4
What are the Rules?

Identify Purpose
Purpose must be reasonable
Define purpose as clearly as possible and
narrowly as possible so individuals can
reasonably understand how personal information
will be used or disclosed.
Examples
Opening an account, program enrollment, sending
out association membership information,
identifying customer preferences

5
What are the Rules? (cont)

6
What are the Rules? (cont)

Disclose Purposes and Get Consent
Consent may be explicit or implicit
Explicit Consent(can be obtained in person, by
phone, by mail, via the internet etc.)
Reasonable expectations of the individual
Circumstances surrounding the collection
Sensitivity of the information involved
Implicit (or Deemed) Consent
Purpose must be obvious info voluntarily
provided
Given opportunity to opt-out and does not
Some circumstances where no consent required
Medical Emergency, debt owing, legal
investigation,publicly available information,
required by law

7
Out-out Consent

Consent is implied if
Provide notice (in a form that is understandable)
or purpose
Give reasonable amount of time and opportunity to
decline
Individual does not decline
And collection, use or disclosure reasonable
given sensitivity of personal information

8
Obtaining Consent

Record the consent received (e.g., note to file,
copy of e-mail, copy of check-off box).
Do not obtain consent by deceptive means.
Do not make consent a condition of supplying a
product or service beyond what is minimally
necessary to provide the product or service.
Explain to individuals the implications of
withdrawing their consent but do not prohibit the
withdrawal unless it would frustrate the
performance of legal obligation

9
GRANDFATHER CLAUSE

Does NOT apply to the collection of personal
information that has been collected on or before
the Act comes into force
Practical effect Organizations do not have to
re-collect personal information they already
hold as long as only use and disclose for
purposes that are reasonable and fulfill the
original purposes collected
All other protections will apply (e.g., security,
new uses, right of access)

10
What are the Rules? (cont)

11
What are the Rules? (cont)

Reasonable Security
Should be appropriate and proportional to the
sensitivity of the personal information
Safeguards should include
Physical measures (locked file cabinets,
restricted access to offices)
Technological measures (user IDs, passwords,
encryption)
Organizational measures (security clearances,
need to know policy)

12
SECURITY TIPS

Security is only as good as its weakest link.
Consider internal security threats. Most data
leaks come from the inside, not from external
Hackers.
Protect personal information throughout its
lifecycle (e.g., storing inactive records,
destroying records certificate of destruction)

13
What are the Rules? (cont)