- Compliance Implementation
- Information Security Program Design
- Privacy Breach Response
- Access to information Requests Assistance
- Privacy Support Services
Avoid doing too much or too little
Access and privacy laws require you to appoint an access and privacy officer and to develop privacy program policies and procedures, including procedures to handle privacy breaches or requests for access to information. In other words, access and privacy management will need to be a an ongoing program within your business.
You can easily do too little or too much to meet legislative policy and program requirements. Cenera will ensure that your privacy policies and organization are not only compliant but effective and in line with your day to day operations. Of course, managing personal information affects many areas of your business, including human resources, finance, occupational health and safety, information systems, marketing, payroll, mergers and acquisitions, as well as customer or client services.
Make it work on the ground
Our consultants can provide assistance with developing and incorporating changes for compliance by:
- reviewing automated and manual forms to ensure legislative collection stipulations are addressed;
- determining when explicit, deemed, or op-out consent can be used based on the sensitivity and business use of the personal information;
- facilitating change management and business process re-engineering to support good access and privacy management;
- implementing quality management and compliance auditing; and
- reviewing contracted service providers to make sure the meet your privacy standards.
Information security that doesn’t impede business
It’s one thing to identify security threats and recommend mitigations; it’s another to make sure that they are put into practice on a day-to-day basis in your business. To this challenge we bring our long experience with developing workable information security policy and procedures for a wide variety of organizations, combined with our function-based information management approach to solutions.
The result is an information security program that is not just compliant with privacy requirements – policies are embedded into the behavior and practices of your organization.
Prevention is key – but when privacy breaches happen, how you respond is crucial
These days, a privacy breach can, in a very short time, cost you dearly in time, money, and public trust. It is often not the breach itself, but your business’ response to the breach, that is most damaging. Unless you take swift and comprehensive action to deal with your own privacy breaches, privacy regulators are quick to take up the slack and point to your negligence in responding appropriately.
Cenera can build you a process that responds decisively and quickly to close, investigate, and learn from privacy breaches in your business. This response process must also now comply with new legislative requirements to notify the Information and Privacy Commissioner of Alberta and subject individuals about privacy breaches in your organization.
Don’t let access to information requests get out of hand
Your employees, customers, and other stakeholders have a right to access the personal information you hold about them. This seems straightforward enough until you encounter large files, requests to access e-mails and personal notes, and personal files that contain as much about other individuals as the person requesting. If you get it wrong, you may face reviews, investigations, or inquiries by the regulator. By working with Cenera, you will respond to access requests the right way the first time.
Access and privacy compliance is often complex and confusing – we have your back
Many organizations may find that they just do not have the resources or expertise to implement and manage an appropriate privacy program within their business. Cenera’s experts can be retained on a consulting basis to assist your organization in ensuring privacy compliance implementation on an ongoing or as needed basis.
We can provide support services to support your FOIP Coordinator or Chief Privacy Officer and maintain relations with the Information and Privacy Commissioner of Alberta by:
- responding to requests for information
- addressing security breaches
- responding to reviews, audits and investigations
- providing ongoing high-level regulatory expertise on access and privacy