Greater Toronto Hockey League
The Implementation of PIPEDA and Amateur Sports – A Case Study
PIPEDA
• Personal Information Protection and Electronic Documents Act
• Applies to the collection, use, disclosure and security of personal information in the course of commercial activities
• Personal information is any information about an identifiable individual

PIPEDA
• Requires consent for the collection, use and disclosure of personal information
• Consent can be implied or express
• Opt-in versus opt-out
• The distinction between an obvious (primary) purpose and a secondary purpose: implied consent covers only the purpose that is obvious from the context of collection; a secondary purpose needs its own consent

What is needed by organizations
• Chief Privacy Officer
• Process to inventory/classify existing personal information
• Effective policies and practices
• Staff training and awareness on privacy
• Retain consent provided on file
• Continuous process to keep information up to date/accurate
• Physical security safeguards over personal information
• Strong IT security and configuration (who can see or use)
• Process to communicate privacy policies and practices
• Process to respond to access requests/corrections/complaints
• Complaints review process – initiate changes to policies and practices
• Compliance/monitoring process – internal or external
GTHL – A Case Study – What We Did
• GTHL Privacy Policy
• Grass-roots-up development
• Consistent policy – GTHL – OHF – Hockey Canada
• Written so that GTHL Clubs/Associations can use it in an easily adaptable form

Chief Privacy Officer
• GTHL Executive Director and President
• Jointly accountable to the Board of Directors for compliance
• Responsible for the GTHL's compliance with PIPEDA privacy principles
• Responsible for responding to access requests
• Responsible for ensuring the GTHL is accountable for all personal information in its possession

Inventory/Classify
• Inventoried existing hard-copy data
• Inventoried electronic information
• Classified what was needed
• Classified the purpose of collection
• Archived and destroyed data that was not needed

Policies/Practices
• Established GTHL Policy
• Ensured policies and practices reflected both the legislation and GTHL Policy

Training
• "Internal procedures and employee education are as important as what the privacy policy says"
• Trained staff
• Trained volunteers
• Informed GTHL Clubs and Membership
Consent
• Reviewed and revised all forms of personal information collection
• Player Cards
• Club Executive Forms
• Tournament Forms
• Statement of rationale for collection
• Consent to distribute
• Electronic tracking of consent

Accurate Data
• Established a process for keeping data accurate
• Re-registration
• Application process for review
• Application process for update

Physical Security
• IT security provisions were implemented, including on-line registration and on-line financial transactions
• Necessary server protection
• "Locked" security room was constructed to protect documents
• Practices for transferring data were reviewed (e.g. couriers)

IT Security
• Password protection
• E-commerce review to ensure compliance
• Tiered access to information
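The consent and IT security slides above describe three controls the GTHL put in place: a statement of rationale for each collection, electronic tracking of the consent given, and tiered access to the information. The following is an added example, not GTHL code or a description of its actual system, showing how those controls combine: a small consent ledger that records implied versus express consent per purpose, refuses a secondary purpose (such as a sponsor mailing) when only implied consent from the registration form is on file, and releases only the fields a role's tier permits. The purpose names, field names, role tiers and member records are all constructed for the example.

```python
"""Consent ledger with purpose-bound use checks and tiered field access.

Assumed model (hypothetical, not the GTHL's actual system): personal
information is collected on a form (player card, tournament form) for a stated
purpose. Implied consent covers only the obvious purpose the form exists for;
any secondary purpose needs an express opt-in recorded on file.
"""
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Hypothetical purpose taxonomy: obvious/primary purposes versus secondary ones.
PRIMARY_PURPOSES = {"league_registration", "tournament_entry"}
SECONDARY_PURPOSES = {"sponsor_mailing", "photo_publication"}

# Hypothetical access tiers: which roles may see which fields.
FIELD_TIERS = {
    "public_roster": {"name", "team"},
    "club_registrar": {"name", "team", "birth_date", "guardian_contact"},
    "league_staff": {"name", "team", "birth_date", "guardian_contact", "medical_notes"},
}


@dataclass
class Consent:
    member_id: str
    purpose: str
    kind: str                 # "express" (opt-in ticked) or "implied" (form submitted)
    source_form: str          # e.g. "player_card", "tournament_form"
    given_on: date
    withdrawn_on: Optional[date] = None


@dataclass
class ConsentLedger:
    records: list = field(default_factory=list)
    audit: list = field(default_factory=list)   # one entry per disclosure decision

    def record(self, c: Consent) -> None:
        self.records.append(c)

    def withdraw(self, member_id: str, purpose: str, on: date) -> None:
        """Withdrawal is recorded, never deleted, so the history stays auditable."""
        for c in self.records:
            if c.member_id == member_id and c.purpose == purpose and c.withdrawn_on is None:
                c.withdrawn_on = on

    def current(self, member_id: str, purpose: str) -> list:
        return [c for c in self.records
                if c.member_id == member_id and c.purpose == purpose and c.withdrawn_on is None]

    def may_use(self, member_id: str, purpose: str) -> tuple:
        """Return (allowed, reason) for using this member's data for `purpose`."""
        if purpose not in PRIMARY_PURPOSES | SECONDARY_PURPOSES:
            return False, f"unknown purpose {purpose!r}: no rationale for collection on file"
        on_file = self.current(member_id, purpose)
        if not on_file:
            return False, f"no consent on file for {purpose!r}"
        if purpose in PRIMARY_PURPOSES:
            return True, "implied consent suffices for the obvious purpose of collection"
        if any(c.kind == "express" for c in on_file):
            return True, "express opt-in on file for secondary purpose"
        return False, f"secondary purpose {purpose!r} needs express opt-in; only implied consent on file"

    def disclose(self, member_id: str, purpose: str, role: str, record: dict) -> tuple:
        """Release only the fields the role's tier allows, and only for a consented purpose."""
        allowed, reason = self.may_use(member_id, purpose)
        visible = FIELD_TIERS.get(role, set())          # unknown role sees nothing
        released = {k: v for k, v in record.items() if k in visible} if allowed else {}
        self.audit.append((member_id, purpose, role, allowed, reason, sorted(released)))
        return released, reason


def build_sample_ledger() -> ConsentLedger:
    """Constructed sample data: two players, consent captured from a player card."""
    lg = ConsentLedger()
    d = date(2024, 9, 1)
    lg.record(Consent("P-1001", "league_registration", "implied", "player_card", d))
    # Sponsor mailing bundled into the same form without a checkbox: implied only.
    lg.record(Consent("P-1001", "sponsor_mailing", "implied", "player_card", d))
    lg.record(Consent("P-1002", "league_registration", "implied", "player_card", d))
    lg.record(Consent("P-1002", "sponsor_mailing", "express", "player_card", d))
    return lg


if __name__ == "__main__":
    lg = build_sample_ledger()
    rec = {"name": "A. Player", "team": "U13 AA", "birth_date": "2011-04-02",
           "guardian_contact": "555-0100"}
    print(lg.disclose("P-1001", "league_registration", "public_roster", rec))
    print(lg.disclose("P-1001", "sponsor_mailing", "league_staff", rec))
    print(lg.disclose("P-1002", "sponsor_mailing", "league_staff", rec))
```

The two decisions that matter for PIPEDA are visible in the output: the same player card that supports registration does not support a sponsor mailing unless the opt-in was actually ticked, and a public roster view never receives a birth date or guardian contact even for a permitted purpose. Withdrawals are recorded rather than deleted so the audit trail answers a later access request or complaint.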
Communication
• Website publication of the policy
• Other GTHL documents to participants

Processes
• Access requests
• Corrections
• Complaints
• Review

Questions?