Canadian Notice Index

Call today! 1 866 3 NYMITY

Canadian Notice Index is now included in PrivaWorks 2.0

Canadian Notice Index

Privacy Policy Toolkit

The Canadian Notice Index (the "Index") is Canada's most comprehensive program for the assessment and management of privacy policies and privacy notices. It is based on an extensive and ongoing research project to identify the most advanced privacy policy provisions in Canada. To date, there are over 145 privacy policy provisions that Nymity calls "Policy Considerations".

Policy Considerations

To assess an organization's privacy policy and privacy notices the Index contains 145 Policy Considerations in the following categories:

Notice Structures: 8 notice structural considerations.
Scope: 31 provisions to define and limit the scope of the policy/notice.
Collection: 18 provisions for identifying purposes to obtain "informed and voluntary" consent.
Choice: 20 provisions for consent.
Sharing: 13 provisions for transferring personal information to 3rd-parties, cross-border, selling, sharing, renting and other related disclosures.
Accuracy: 9 provisions outlining the consumers and organization's responsibilities for accuracy.
Data Retention: 6 provisions for retention and destruction of customers personal information.
Data Protection: 15 provisions for safeguarding customer personal information.
Customer Services: 29 provisions for the management of customers access requests and complaints.

Why are Privacy Policies Key to Privacy Management?

Three key components of a privacy management program that benefit from clear and complete privacy policies are:

Privacy notice, typically in the form of online privacy policies, demonstrate an organization's knowledge of and commitment to privacy to consumers, business partners and regulators. Privacy notices helps customers make informed decisions and demonstrates compliance with privacy laws.
Employee privacy training programs use privacy policies as the guideline for employee’s handling of personal information. Clear and complete privacy policies combined with training will reduce employee mistakes that lead to privacy breaches.
Privacy audits, typically conducted annually, measure how effective organizations follow their privacy policies and comply with privacy laws. Clear and complete policies maximize the effectiveness of privacy audits.

Index Provides 7 Provisional Elements

The Index provides over 145 provisions each containing a:

Policy Consideration - An policy provision formed as an assessment question, for example: "Does the policy address the transfer of personal information across national borders?"
Annotation - A discussion on how the Policy Consideration builds trust with consumers, business partners and regulators or, how it mitigates organizational privacy risk.
Examples - One or two examples from industry leading privacy policies in Canada.
Source - The source of the Policy Consideration. For example, privacy commissioners guidelines/findings/orders, Generally Accepted Privacy Principles (GAPP), legal authorities and corporate best-practices.
CSA Principle - The CSA principle to which the Policy Consideration best aligns.
GAPP - The Generally Accepted Privacy Principle (GAPP) to which the Policy Consideration best aligns.
Awards - For which years the Policy Considerations were used for Nymity Top Privacy Policy in Canada Awards program. Note: The Awards program uses different and new Policy Considerations every year.

For the previous version of the Index, visit 2005 Edition - Canadian Notice Index

Index Provides Annotations on Building Trust and Risk Mitigation

Each of the above categories have two subsections in which the provisions are organized. The subsection defines the focus for each provisional annotation. The are:

Risk Mitigation - Provisions that mitigate the risk of complaints and non-compliance with privacy laws.

Building Trust - Provisions whose purpose is to increase the trust of consumers, business partners or regulators.