Privacy Management Framework

What is it?

A Privacy Management Framework (PMF) is used to demonstrate the importance of an organization's commitment to the responsibility of accountability in relation to privacy.  Organizations must have in place appropriate policies and procedures that promote good privacy management practices which, in whole, make up a privacy management program.  Managing personal information collected and held within an organization demonstrates that an organization has correctly identified privacy-related obligations and risks and appropriately taken them into account in developing their business models and related technologies and business practices. 

What does this mean for my organization?

Once a PMF has been established, organizations can then prioritize the implementation of various fundamentals of the framework as well as use it as a point of reference in guiding future decisions, actions and accountabilities related to privacy.  A PMF should promote trust and confidence on the part of consumers, and thereby enhance competitive and reputation advantages for organizations.

What you can expect:

Whether you are a public or private sector organization, small or large, we can provide you with clear direction to ensure your organization’s success in achieving accountability with respect to privacy.  With an emphasis on continuous access and personal service, we pride ourselves on working closely with you before, during and after implementation of your PMF. We want to ensure your long-term success by keeping you up-to-date on the latest privacy practices and requirements and ways in which these developments can be successfully incorporated into your organization and its functions.

Non Profit Rates:

As part of our corporate social responsibility, we offer discounted rates for non profit organisations from 20%-50% on all our services. We understand that you have particular parameters you must work within, and your budgetary capabilities are significantly smaller than those of our corporate clients. Each of our projects are customized to the organization we are working with. Please contact us for further details. Please note that non profit organisations will be required to produce proof of status.
Please contact us if you have any questions or concerns. We are here to help you meet your Privacy & Risk Management Accountability requirements.

Privacy Impact Assessment

What is it?

An integral part of any new project or organizational function is risk management. Accounting for all the reasonable (and unreasonable!) issues and challenges an organization may face is vital to ensuring the successful outcome of any initiative. One of the key tools utilized by both public and private organizations when managing risk is a Privacy Impact Assessment (PIA). From municipal to federal, Canada and abroad, the PIA is a recognized instrument for measuring and mitigating the privacy risks associated with the collection, use, retention, disposal and disclosure of personal information.

What are the benefits?

Institutions should think of a PIA as an early warning system for the risks they could potentially face. Without proper planning and foresight, those risks could become actualities and result in consequences that will affect not only the success of an organization’s program in the short-term, but also the institution as a whole in the long term, impacting finances, reputation and public image.  A PIA aids an organization in understanding and defining the role personal information plays in their project and supports informed and responsible decision-making throughout a project’s development in terms of privacy risks, ensuring that privacy considerations and protections are built into the project from the ground up, rather than tacked on at the end. This ultimately allows an institution to effectively measure their compliance with applicable statutes.

What you can expect:

We are not a large consulting firm that will burden you with complex fee structures and expensive overhead. You can expect our Privacy Risk Management Experts to be flexible in their approach and availability, while working closely with the responsible individuals in your organization. We will involve all necessary parties, from project managers to IT experts in the formulation of your PIA.

We hold the satisfaction of our clients in high regard. With an emphasis on continuous access and personal service, we pride ourselves on working closely with you before, during and after the implementation of your program.

Non Profit Rates:

As part of our corporate social responsibility, we offer discounted rates for non profit organisations from 20%-50% on all our services. We understand that you have particular parameters you must work within, and your budgetary capabilities are significantly smaller than those of our corporate clients. Each of our projects are customized to the organization we are working with. Please contact us for further details. Please note that non profit organisations will be required to produce proof of status.
Please contact us if you have any questions or concerns. We are here to help you meet your Privacy & Risk Management Accountability requirements.

Privacy Audit

What is it?

A Privacy Audit is a fact-finding exercise to establish the compliance and/or incidence of particular practices and processes within an organization. A Privacy Audit ensures that information processing procedures are sufficient to meet existing and emerging privacy requirements, policies and standards by reviewing the ways in which information about clients, customers and employees is collected, used, stored and disposed of by organizations.

What is included in a Privacy Audit?

A Privacy Audit can serve a central role in limiting the misuse of personal information and protecting organizations from liability and public relations problems. The Privacy Audit includes,

• Analysis of verbal evidence - interviews with stakeholders, and staff
• Collection of physical evidence - review and analysis of internal policies, processes, practices including quality assurance, security, and retention and disposal practices
• Analysis of documentary evidence - documentation supporting privacy policies and procedures, operations, administration processes, remedial plans in the event of breach or other deficiencies, PIAs
• Final Audit Report - a comprehensive report that responds effectively to the organization's particular needs, and helps it in achieving a strong privacy management program

What to expect:

We hold the satisfaction of our clients in high regard. With an emphasis on continuous access and personal service, we pride ourselves on working closely with you before, during and after implementation of the project. We want to ensure your long-term success by keeping you up-to-date on the latest privacy requirements and ways in which these developments can be successfully incorporated into your organization and its functions.

Non Profit Rates:

As part of our corporate social responsibility, we offer discounted rates for non profit organisations from 20%-50% on all our services. We understand that you have particular parameters you must work within, and your budgetary capabilities are significantly smaller than those of our corporate clients. Each of our projects are customized to the organization we are working with. Please contact us for further details. Please note that non profit organisations will be required to produce proof of status.

Please contact us if you have any questions or concerns. We are here to help you meet your Privacy & Risk Management Accountability requirements.

Privacy Gap Analysis

What is it?

A Privacy Gap Assessment (PGA) is a risk management tool that measures privacy compliance within an organization.  Whether you are a large government department or a small business, a PGA can help to pinpoint weaknesses and report on an organization's existing privacy practices.  A PGA is of benefit to those organizations who wish to ensure sound administrative, physical and technical processes for privacy management that meet legislative, regulatory and policy standards and privacy best practices.   

A multi-level approach:

Our experienced consultants use a multi-level approach to the PGA that will,

• Identify gaps within the organization;
• Create an inventory of information holdings (i.e. what personal information types are collected, used, retained and disposed);
• Assess privacy and information management practices and policies;
• Assess levels of risk and how they can be mitigated;
• Ensure that the organization has implemented adequate privacy assurance controls; and
• Determine how well the organization achieves ongoing compliance as business needs change.

What you can expect:

We hold the satisfaction of our clients in high regard. With an emphasis on continuous access and personal service, we pride ourselves on working closely with you before, during and after the PGA process. We want to ensure your long-term success by keeping you up-to-date on the latest privacy practices and ways in which these developments can be successfully incorporated into your organization and its functions.

Non Profit Rates:

As part of our corporate social responsibility, we offer discounted rates for non profit organisations from 20%-50% on all our services. We understand that you have particular parameters you must work within, and your budgetary capabilities are significantly smaller than those of our corporate clients. Each of our projects are customized to the organization we are working with. Please contact us for further details. Please note that non profit organisations will be required to produce proof of status.

Please contact us if you have any questions or concerns. We are here to help you meet your Privacy & Risk Management Accountability requirements.

Privacy Policy & Breach Protocols

What is it?

A privacy breach, according to the Office of the Privacy Commissioner of Canada, "…is the result of an unauthorized access to, or collection, use or disclosure of personal information." 

In 2014 alone, over 300 privacy breaches were made public in North America.  Government organizations, financial institutions, NGOs, retail chains, and the health care sector were all exploited by privacy breach despite spending huge sums of money to ensure the security of their assets.  Regardless of your business sector, many breaches happen not from sophisticated hacking, but because of poor privacy practices like giving a caller your network login just because he says he from the IT department.  Thus, enhancing employee awareness of privacy, in conjunction with robust digital security, can go a long way to closing security gaps.

What does this mean for my organization?

What would your organization do in the event of a privacy breach?  Organizations, both large and small, in all sectors, must take preventative steps to prevent the occurrence of a breach.  By ensuring that your organization has the know-how and tools in place to mitigate the risks associated with breach, will determine how effectively you can recover.  Having the right solutions and prevention strategies in place will help to,

• Immediately control and contain a breach or suspected breach;
• Evaluate the risks associated with a breach or suspected breach;
• Ensure a mitigation strategy in the event of a breach; and
• Develop a plan for the prevention of future breaches.

What to expect:

You can expect our Privacy Risk Management Experts to be flexible in their approach and availability, while working closely with the responsible individuals in your organization.

We hold the satisfaction of our clients in high regard. With an emphasis on continuous access and personal service, we pride ourselves on working closely with you before, during and after the implementation of your program to ensure your long-term success.

Non Profit Rates:

As part of our corporate social responsibility, we offer discounted rates for non profit organisations from 20%-50% on all our services. We understand that you have particular parameters you must work within, and your budgetary capabilities are significantly smaller than those of our corporate clients. Each of our projects are customized to the organization we are working with. Please contact us for further details. Please note that non profit organisations will be required to produce proof of status.
Please contact us if you have any questions or concerns. We are here to help you meet your Privacy & Risk Management Accountability requirements.

Threat Risk Assessment

What is it?

A Threat and Risk Assessment (TRA) is security risk management tool used to evaluate the security threats and risks to organizational information, programs, systems, services and physical spaces. TRAs suggest where to avoid, reduce and accept risk, as well as diminish the impact of threatening events.

What are the benefits?

With the threat landscape continuously changing, so do the vulnerabilities.  A TRA will provide many benefits to an organization including,

• Improved security posture through actionable risk mitigation strategies and recommendations
• Informed decision making to manage risks and reduce or prevent negative outcomes
• Improved compliance with applicable legislation, regulation and policy instruments

What to expect:

We want to ensure your long-term success by keeping you up-to-date on the latest security practices and requirements and ways in which these developments can be successfully incorporated into your organization and its functions.  With an emphasis on continuous access and personal service, we will involve all necessary parties, from project managers to IT experts in the formulation of your TRA.  We hold the satisfaction of our clients in high regard and we pride ourselves on working closely with you before, during and after the TRA process.

Non Profit Rates:

As part of our corporate social responsibility, we offer discounted rates for non profit organisations from 20%-50% on all our services. We understand that you have particular parameters you must work within, and your budgetary capabilities are significantly smaller than those of our corporate clients. Each of our projects are customized to the organization we are working with. Please contact us for further details. Please note that non profit organisations will be required to produce proof of status.
Please contact us if you have any questions or concerns. We are here to help you meet your Privacy & Risk Management Accountability requirements.

Privacy Training

What does it entail?

Whether you need to determine, maintain, or demonstrate compliance; build comprehensive policies, protocols and procedures, we can provide you with the training and tools to meet your business needs.  Our training sessions provide direction and insight into:

• Federal and/or provincial laws (Privacy Act, Access to Information Act, PIPEDA, etc.) and the accompanying regulations that impact your organization's operations.
• The 10 Fair Privacy Principles and how to apply them to your privacy risk and mitigation strategies.
• Privacy breach protocols – learn strategies to prevent the incidence of privacy breach within your organization
• Privacy Impact Assessments – learn the steps and expectations for conducting PIAs

Learn effective privacy practices:

An effective privacy management program is the key for maintaining and demonstrating accountability and compliance.   However, training your employees and management to understand and effectively implement your privacy management program is essential.  Learn to:

• Mitigate organizational liabilities.
• Demonstrate accountability
• Build consumer trust and comply with privacy laws.
• Communicate to management and employees the organization's requirements for handling personal information
• Define the processes for handling breaches, complaints and privacy/access request

What to expect:

You can expect our Privacy Risk Management Experts to be flexible in their approach and availability, while providing your organization with customized training geared to your specific needs.  With an emphasis on continuous access and personal service, we ensure your long-term success by keeping you up-to-date on the latest privacy practices and requirements and ways in which these developments can be successfully incorporated into your organization's training program.

Non Profit Rates:

As part of our corporate social responsibility, we offer discounted rates for non profit organisations from 20%-50% on all our services. We understand that you have particular parameters you must work within, and your budgetary capabilities are significantly smaller than those of our corporate clients. Each of our projects are customized to the organization we are working with. Please contact us for further details. Please note that non profit organisations will be required to produce proof of status.
Please contact us if you have any questions or concerns. We are here to help you meet your Privacy & Risk Management Accountability requirements.

Info Source for Government of Canada Department and Agencies

What is it?

Info Source is a series of publications containing information about the Government of Canada's access to information and privacy programs. The primary purpose of Info Source is to assist individuals in exercising their rights under the Access to Information Act and the Privacy Act. Info Source also supports the government's commitment to facilitate access to information regarding its activities.

Every year federal institutions must update and publish all of their information holdings, including personal information, in Info Source using the current instructions prescribed by the Treasury Board of Canada Secretariat (TBS) and the feedback provided on their previous year's chapter.

What does this mean for my organization?

Being compliant with information handling policies, procedures and protocols are the key for maintaining and demonstrating accountability, compliance, and maintaining public trust.   Understanding the key ideas and advantages to creating and submitting an accurate and up to date Info Source chapter will assist you in maintaining compliance with TBS reporting requirements.

What to expect:

Whether you are starting from the beginning, or just simply do not have the resources to effectively manage the Info Source requirements set out by TBS, we can help.  We are not a large consulting firm that will burden you with complex fee structures and expensive overhead. You can expect our Privacy Risk Management Experts to be flexible in their approach and availability, while working closely with the responsible individuals in your organization

Non Profit Rates:

As part of our corporate social responsibility, we offer discounted rates for non profit organisations from 20%-50% on all our services. We understand that you have particular parameters you must work within, and your budgetary capabilities are significantly smaller than those of our corporate clients. Each of our projects are customized to the organization we are working with. Please contact us for further details. Please note that non profit organisations will be required to produce proof of status.
Please contact us if you have any questions or concerns. We are here to help you meet your Privacy & Risk Management Accountability requirements.