240 likes | 354 Views
Public Sector Case Studies:. THE ESTABLISHMENT OF A PRIVACY OFFICE. AGENDA. Introduction to the ONTARIO WORKPLACE SAFETY & INSURANCE BOARD ( WSIB) Evolution of the WSIB PRIVACY OFFICE Building a corporate PRIVACY INFRASTRUCTURE. The Workplace Safety and Insurance Board An Overview.
E N D
Public Sector Case Studies: THE ESTABLISHMENT OF A PRIVACY OFFICE
AGENDA • Introduction to the ONTARIO WORKPLACE SAFETY & INSURANCE BOARD (WSIB) • Evolution of theWSIB PRIVACY OFFICE • Building a corporate PRIVACY INFRASTRUCTURE
The Workplace Safety and Insurance Board An Overview • The Workplace Safety and Insurance Board (WSIB) began as the Workmen's Compensation Board in 1915 through an Act of the Ontario Legislature • The system of no-fault collective liability provides fair compensation for injured workers and their families, while spreading individual costs among employers • Today, the WSIB administers some 340,000 claims with a staff of 4,293 located throughout Ontario • A total of 201,272 Ontario employers are covered by the WSIB
ENABLING LEGISLATION • WORKPLACE SAFETY and INSURANCE ACT (WSIA) • Provides for legislative authority for the collection, use, retention and disclosure of information • FREEDOM OF INFORMATION and PROTECTION OF PRIVACY ACT (FIPPA) • Provides the right of access to information under the control of institutions • Protects the privacy of individuals with respect to personal information about themselves held by institutions and provides individuals with a right of access to that information
CHANGE DRIVERS • WCB WSIB(1998) • VISION: THE ELIMINATION OF ALL WORKPLACE INJURIES and ILLNESSES • WISB now oversees Ontario’s system of workplace safety education and training • Greater support of research efforts in the study of occupational disease and workplace safety • Emphasis on early and safe return to work • New technologies implemented • Increased outsourcing of business processes
Alternate Service Providers WSIB Employees Working Outside the Office LMR Service Providers WSIB Contracted Specialty Clinics Pharmacies Health Professionals WORKER AND WSIB EMPLOYEE PERSONAL INFORMATION Employers Hospitals Researchers Safe Workplace Associations (SWAS) APPLICATION SYSTEMS, TELEPHONE FAX, MAIL, EMAIL, INTERNET
MAKING THE CASE FORA PRIVACY OFFICE • January 1, 2002 Program Privacy Group • Developed the capacity to implement Privacy Impact Assessments • Completed PIAs for key strategic projects • Educated project teams through privacy presentations • BUILT PRIVACY AWARENESS WITH SENIOR MANAGEMENT
ACCOUNTABILITY *Source: Information and Privacy Commissioner/Ontario (IPC)- Privacy Diagnostic Tool
PRIVACYIS ON THE CORPORATE MAP • July 1, 2002 WSIB PRIVACY OFFICE • Legal Services Division • Integrated FOI Program • Full service ACCESS and PRIVACY OFFICE • Multidisciplined team • FOI Co-ordinator, business specialists, security architect, project management experience
TEAMWORK “NEVER DOUBT THAT A SMALL GROUP OF THOUGHTFUL, COMMITTED PEOPLE CAN CHANGE THE WORLD. INDEED, IT IS THE ONLY THING THAT EVER HAS”.
PRIVACY OFFICERELATIONSHIPS BUSINESS LEGAL SERVICES PRIVACY OFFICE SECURITY ARCHITECTURE CONTRACTED SERVICE PROVIDERS RESEARCHERS
CORPORATE PRIVACY FRAMEWORK FOI PROGRAM Education & Awareness Governance Risk Assessments &Risk Mgmt
WSIB PRIVACY DESIGN PRINCIPLES • Compliance with the Privacy Design Principles is mandatory (FIPPA) for all project staff and consultants • Purpose: • Help staff and consultants doing projects understand and meet the WSIB’s privacy obligations with respect to the design and implementation of any type of WSIB project • Enhance WSIB privacy compliance by ensuring legislated privacy requirements are met from project concept to business integration upon completion of the project.
Applying the PRIVACY Concept to a Project: • WSIB Project & Program Privacy Design Principles • Project Initiation • Terms of Reference • Initial Privacy Security Screening Assessent • 1st step in identifying privacy requirements • Business Case
PRIVACY Review Process Initial Privacy Screening Assessment: • A questionnaire to determine if there are possible privacy implications,requiring a more detailed privacy review of the project • To be completed at the conceptual phase of a project. • Is there personal information (as defined by FIPPA) collected, used, disclosed and retained? • Who collects it? • How is it Collected? • Where does it go? (ie. Does it cross Ontario/Canadian borders? • How is it transmitted to external parties? (e-mail,fax) • Will the data be retained? If so, for how long? • Who will have access to the information? • What is the legislative authority for the collection, use and disclosure of personal information?
PRIVACY Impact Assessments • What is a PIA? • A PIA is a process that measures both legislative compliance (I.e. FIPPA, WSIA) and considers the broader privacy implications of a given proposal. • Purpose • The function of a PIA is to ensure that privacy risks associated with a given proposal are properly identified and addressed wherever possible, and that decision makers have been informed of these risks and the options available to mitigate them.
The PIA in the PROJECT LIFE CYCLE • CONCEPT and PLANNING • Project Definition • Initial PIA • Conceptual Design • Privacy & Security Requirements • DETAILED DESIGN & IMPLEMENTATION • Interim PIAs • POST IMPLEMENTATION • Final PIA
The PIA in the PROJECT LIFE CYCLE The Privacy Impact Assessment Process provides for: • More detailed definition of privacy requirements • Integration of privacy requirements into project • Assurance reporting to project and business management
POSITIONING & COMMUNICATIONPRIVACY PRIVACY IS NOT JUST ABOUT COMPLYING WITH LEGISLATION PRIVACY IS ABOUT: • BUILDING TRUSTED RELATIONSHIPS • GOOD BUSINESS PRACTICE
SPEAKER CONTACT INFORMATION Laurisa Tkachenko Director, Privacy Office Workplace Safety & Insurance Board 200 Front Street West, 20th floor Tel: (416) 344-3685 email: laurisa_tkachenko@wsib.on.ca