Ann
Cavoukian, Ph.D.
Information and Privacy Commissioner of Ontario
I have always advocated that privacy should not
be viewed merely as a matter of compliance, but
as a sound business practice. The growing prevalence
of high-profile incidents in the media involving
compromises of personal information further underscores
that all organizations dealing with personal information
must make privacy a priority. Having a clear,
comprehensive privacy policy is an essential component
in building customer trust.
For these reasons, I am very impressed with the
National Privacy Policy Index [now the Canadian
Notice Index] on the Nymity website. Through using
this tool, businesses and other organizations
can easily scan industry “best practices” in order
to facilitate the creation and improvement of
their own privacy policies. Nymity has done a
wonderful job of thoroughly analysing the privacy
policies of leading organizations to identify
which are best in fostering customer trust.
I was particularly impressed with the way that
Nymity has incorporated source documents (such
as guidelines issued by Privacy Commissioners)
and the Canadian Standards Association's Model
Code for the Protection of Personal Information,
within the Index. These links provide the reader
with easy access to the primary sources that elaborate
on fair information practices.
I think that the Nymity staff has done a very
thorough job in putting together this Index, and
I would highly recommend it as a reference for
any organization in the process of formulating
its own privacy policy.
I should also add that while sound privacy policies
are an essential element in ensuring transparent
and accountable privacy practices, it is incumbent
that steps be taken to ensure that such practices
are followed.
David Loukidelis
Information and Privacy Commissioner of British
Columbia
The National Privacy Policy Index [now the Canadian
Notice Index] will be very useful for organizations
struggling to comply with one or more of Canada's
various private sector privacy laws, including
British Columbia's Personal Information Protection
Act. Like other such laws, PIPA requires organizations
to create and follow policies and practices in
complying with the law.
Privacy policies are more than mere legal obligations,
of course. They are important for building and
keeping consumer trust in the information practices
of organizations. A clear and comprehensive privacy
policy is a powerful tool to this end.
I really like how the Index is organized against
the fair information practices found in Schedule
1 to PIPEDA. Since these fair information practices
are reflected in British Columbia's law, organizing
the Index around them is a good way to map the
essential elements of a privacy policy.
The decision to layer the Index's material, by
allowing users to drill down for more detail and
examples of specific privacy policy provisions,
was a very good one. Organizations will find it
very useful to have specific examples for comparison
purposes, recognizing that each policy has to
fit the needs of each organization.
Canadian private sector privacy laws are sufficiently
similar to each other that the National Privacy
Policy Index promises to be an important resource
for promoting consistent privacy policies and
processes across Canada. I am very pleased with
what I have seen in the draft National Privacy
Policy Index and congratulate Nymity for its innovative
approach to private sector privacy compliance.
Richard Simpson
Director General, Electronic Commerce
Industry Canada
Maintaining effective privacy policies and practices
is important not only as a legal obligation, but
should also be seen as a competitive advantage
in the digital economy. Privacy is good business.
It is also a deeply-rooted Canadian value, and
consumers have shown that they are very concerned
with how organizations protect their personal
information. The protection of personal information
is therefore fundamental to establishing a positive
reputation in an increasingly competitive global
economy.
The PrivaWorks National Privacy Policy Index
[now the Canadian Notice Index] assesses an organization's
privacy policy based on its compliance with the
ten privacy principles found in the Personal Information
Protection and Electronic Documents Act (PIPEDA).
These principles are drawn from the CSA Model
Code for the Protection of Personal Information,
a standard that was developed jointly by business,
government, and civil liberty organizations. Therefore,
the Index provides organizations with a mechanism
for implementing privacy policies that are in
accordance with a widely accepted framework for
the protection of personal information.
Heather H. Black
Assistant Privacy Commissioner
Office of the Privacy Commissioner of Canada
The Personal Information Protection and Electronic
Documents Act which is Canada's national private
sector data protection law requires organizations
subject to the law to develop and implement policies,
practices and procedures for complying with the
Act.
The National Privacy Policy Index [now the Canadian
Notice Index] should be useful to organizations
that are in the process of implementing the national
law or provincial laws that have similar requirements.
The Office of the Privacy Commissioner of Canada
encourages all organizations to develop and then
live up to their privacy policies.
Elizabeth Denham
Director, Personal Information Protection Act
Office of the Information and Privacy Commissioner
of Alberta
As you know, Alberta's Personal Information Protection
Act requires organizations to develop privacy
policies to demonstrate and ensure that they meet
their obligations under the Act. Each organization
should tailor its policies and procedures to the
types and extent of personal information collected,
used and disclosed and to its unique business
functions. This is simply not a "cut and paste"
job. Effective privacy policies are essential
not only for compliance purposes, for also to
communicate effectively with customers and employees
(who are becoming increasingly privacy savvy),
and to gain a competitive edge in business. A
privacy policy based on a thorough assessment
of the business must also be reviewed periodically
and amended to encompass changes in business practices,
and well as to reflect emerging jurisprudence
in private sector privacy.
The content of the National Privacy Policy Index
[now the Canadian Notice Index] would be useful
to organizations who are developing, reviewing
and amending their privacy policies. The index
is logically organized according to 10 principles
reflected in PIPEDA; with each principle drilling
down into extensive detail. Although the Alberta
and B.C. PIPAs are not structured in this way,
there is enough similarities in the obligations
that provincially-regulated organizations operating
exclusively within these provinces could make
use of the index. And it is certainly helpful
for organizations operating across several jurisdictions,
in their attempts to harmonize corporate privacy
policies. I believe the tool is appropriately
intended for an audience of privacy officers and
privacy managers in medium to large sized organizations;
these individuals are familiar with the privacy
principles and are sophisticated users of such
guidance.
The links to actual privacy policies of high-profile
organizations is very useful in offering real-life
examples and industry "best practices". Nymity's
commitment to keep this Index updated is critical
to its ongoing value to organizations.
I congratulate you on this initiative.
Wally Hill
V.P. Public Affairs & Communications
Canadian Marketing Association
“A Positive Contribution to Awareness about Privacy
Protection”
The Canadian Marketing Association continues to
be a leader in the protection of personal privacy,
working with consumers, industry and governments
to promote that goal. Key to the success of CMA's
contribution is our commitment to effective privacy
protection along with a strong economy for businesses
and consumers. CMA members recognize that protection
of personal privacy builds customer trust and
loyalty, and that it is good for business.
Nymity's new National Privacy Policy Index [now
the Canadian Notice Index] will help to build
awareness and knowledge about compliance with
privacy policies in Canada. Identifying a range
of best practices and leading companies in development
and implementation of privacy policies, the Index
offers a positive contribution to Industry's commitment
to the protection of personal privacy.
Lance Novak
Director, Information Products
Canadian Standards Association
The Canadian Standards Association (CSA), Canada's
leading developer of standards and codes and the
developers of the Model Code for the Protection
of Personal Information (Q830), has provided a
review of the National Privacy Policy Index. In
Canada, the key elements of the CSA's Privacy
Code are now incorporated into the Personal Information
Protection and Electronic Documents Act (PIPEDA),
which came into full effect on January 1, 2004.
The National Privacy Policy Index also incorporates
key elements of the CSA's Model Code, which covers
the Fair Information Practices.
Organizations that collect, use or disclose personal
information should proactively maintain their
privacy policies and programs and, in this regard,
the National Privacy Policy Index [now the Canadian
Notice Index] is an effective tool for the evaluation
and maintenance of privacy policies. It provides
a comprehensive list of privacy policy considerations
that will help all organizations to create effective
policies that meet legal requirements as well
as business objectives. Privacy policies are key
to organizations, providing clarity to personal
information handling practices and accountability
to both consumers and the Privacy Commissioners'
offices.
Canadian Standards Association (CSA) is a membership
association serving industry, government, consumers
and other interested parties in Canada and the
global marketplace. A leading developer of standards
and codes, CSA aims to enhance public safety,
improve quality of life, preserve the environment
and facilitate trade. To help people understand
and apply standards, CSA offers information products
and training. The Canadian Standards Association
is a division of CSA Group which consists of CSA,
CSA International for product testing and certification,
and, QMI for management systems registration.
|
