Test your Knowledge
Privacy Rules
PI & PHI
Privacy Breaches
100

What are two types of services that the Access and Privacy Office can offer?

FOI, privacy breaches, privacy complaints, consultation, education, privacy impact assessments

100

If personal information may be incorrect or outdated, are you allowed to use it?

No

100

Can you collect personal health information?  

No

100

What needs to be completed and sent to the Access and Privacy Office after a breach has occurred?

Privacy breach report form

200

This presentation and all our privacy rules focus on one specific type of privacy. What is it?

Information privacy

200

True or false: You can share personal information with other regional staff who need it to perform their duties.

True

200

Finish this sentence: personal information is any information that can be used to __________ an individual, either on its own or when combined with other information.

Identify

200

What is a privacy breach?  

A privacy breach is when personal information is lost, stolen, or handled—whether collected, stored, used, shared, or disposed of—in ways that violate the privacy rules we are required to follow. 

300

True or false: The two privacy laws that apply to the Region are the Municipal Freedom of Information and Protection of Privacy Act and the Personal Health Information Protection Act.

True

300

True or false: Data minimization is a best practice, not a requirement.

False

300

What’s the difference between personal information and personal health information?

Personal health information is information that identifies someone and relates to their health or healthcare, whereas personal information is only information that identifies someone.

300

What is the first action that must be taken when a privacy breach occurs?

Contain the breach

400

Can you name the three people on the Access and Privacy Office team?

Robyn, Chantelle and Pavithraa  

400

When do you need to get consent when dealing with someone’s personal information?  

When you want to use or share their personal information for a different reason than why it was collected.

400

What is a quasi-identifier?

It’s a piece of information that, when combined with other information, can be used to identify someone, making it personal information.

400

If an email was sent to the wrong recipient containing personal information, what is one step you can take to contain it?  

Recall the email, ask them to delete it from their inbox and their deleted folder