GAPP Training


Understanding Generally Accepted Privacy Principles

In early 2006, the CICA/AICPA will announce the Generally Accepted Privacy Principles (GAPP) as a global privacy framework which will quickly become the standard for privacy audits and privacy management programs.

 

Nymity has extensive knowledge of GAPP, as Nymity used the CICA/AICPA Privacy Framework, the precursor to GAPP, as the structure for many of our risk mitigation solutions and for Nymity's privacy policy.

 

GAPP Structure

 

Each of the ten GAPP Principles has defined measurement criteria, and for the most part the measurement criteria are different for each Principle. The workshop provides a detailed review of each criterion and compares it to privacy laws in Canada.

 

Where the GAPP have common measurement criteria, for example:

 

    • principles 1 through 10 have a section called Privacy Policies; and
    • principles 2 through 10 have a section called Communication to individuals

 

a workable model is presented.

 

The workshop also provides a framework for comparing GAPP Principles to privacy laws in Canada.

 
GAPP Policies and Communications

 

Each Principle has measurement criteria for Policies and Communication. The GAPP defines Privacy Policies as:

Written statements that convey management's intent, objective, requirements, responsibilities and/or standards.

This workshop compares GAPP Privacy Policy measurement criteria with policy rules as found in privacy laws in Canada and provides a commentary on how the criteria compare with best practices as established by corporate Canada. It should be noted that Privacy Policies refer to all data management policies, including retention, access, safeguards, etc.

 

The GAPP defines Communications as:

The organization's communication to individuals, internal personnel, and third parties about its privacy notice and its commitments therein and other relevant information.

This workshop breaks down the Communications measurement criteria into notice provisions, policy requirements, contract requirements and employee education.

 

GAPP Procedures and Controls

 

The GAPP defines Procedures and Controls as follows:

Procedures and controls are the other actions the organization takes to achieve the criteria.

The workshop defines the operational privacy procedures and controls that are required by GAPP and compares them to privacy laws in Canada.

 

Resources Provided

 

Workshop attendees are provided a copy of the training materials plus:

 

    • Nymity's GAPP Quick Reference Guide;
    • Nymity's GAPP Regulation Guide; and
    • Nymity's GAPP/PIPEDA Comparative Guide.

 

These guides enable easier use of the GAPP.

 

GAPP Principles

 

The following are the ten Generally Accepted Privacy Principles:

  1. Management. The entity defines, documents, communicates, and assigns accountability for its privacy policies and procedures.

  2. Notice. The entity provides notice about its privacy policies and procedures and identifies the purposes for which personal information is collected, used, retained, and disclosed.

  3. Choice and Consent. The entity describes the choices available to the individual and obtains implicit or explicit consent with respect to the collection, use, and disclosure of personal information.

  4. Collection. The entity collects personal information only for the purposes identified in the notice.

  5. Use and Retention. The entity limits the use of personal information to the purposes identified in the notice and for which the individual has provided implicit or explicit consent. The entity retains personal information for only as long as necessary to fulfill the stated purposes.

  6. Access. The entity provides individuals with access to their personal information for review and update.

  7. Disclosure to Third Parties. The entity discloses personal information to third parties only for the purposes identified in the notice and with the implicit or explicit consent of the individual.

  8. Security for Privacy. The entity protects personal information against unauthorized access (both physical and logical).

  9. Quality. The entity maintains accurate, complete, and relevant personal information for the purposes identified in the notice.

  10. Monitoring and Enforcement. The entity monitors compliance with its privacy policies and procedures and has procedures to address privacy-related complaints and disputes.

For more information contact Nymity at 416 214 7838 or toll-free at 1 866 3 NYMITY or by email at info@nymity.com.

 
 

 

 

© 2003 - 2008 NYMITY