Diane McLeod-McKay, the territory’s information and privacy commissioner, says Yukon organizations and businesses should be aware of the myriad privacy laws that apply to them. (Joel Krahn/Yukon News file)

Every Yukon organization needs a privacy primer

Diane McLeod-McKay | Special to the News

Privacy laws are in place to safeguard your personal information and protect you.

We marked International Data Privacy Day this year on Jan. 28 and as your privacy commissioner, I want to highlight steps being taken to enhance the protection of citizens’ personal information.

In Canada, every jurisdiction has privacy laws that protect the personal information of citizens and has privacy commissioners responsible for monitoring compliance. Most other countries also have privacy laws and privacy commissioners.

The need to enhance privacy protection is now greater than ever, due to advances in technology. Governments and businesses are able to collect massive amounts of personal information, which can be easily processed, transmitted and breached.

Privacy laws allow individuals to control their own personal information. These laws impose limits on the collection, use and disclosure of personal information by governments and businesses. They also require personal information to be properly secured so that breaches do not occur.

A privacy breach can harm an individual. In recognition of this, most newly-drafted privacy laws include a requirement that governments and businesses notify individuals about a breach that may cause them harm. There is also usually a requirement that privacy commissioners be informed about the breach.

The purpose of breach reporting is to ensure individuals know about a breach so they may take steps to prevent any potential harm, and to ensure privacy commissioners can monitor breaches and help with prevention.

Health care providers in Yukon’s public and private sectors must comply with the Health Information Privacy and Management Act (HIPMA), which requires reporting of any breaches. A health care provider must notify an individual (and Yukon’s privacy commissioner) following a privacy breach where there is a risk of significant harm to the individual. If found guilty of failing to do this, fines are between $10,000 and $100,000.

Yukon’s Access to Information and Protection of Privacy Act (ATIPP), in effect since 1995, applies to public bodies, including the Yukon government. The ATIPP Act does not have mandatory breach reporting requirements, but they may be included when the legislation is amended following the current comprehensive review.

There are also privacy laws which govern the private sector. The federal Personal Information Protection and Electronic Documents Act (PIPEDA) applies to the collection, use and disclosure of personal information by an organization in the course of commercial activity. PIPEDA applies to all private sector organizations in Yukon, including private sector health care providers. It also applies to federal works, undertakings or businesses including banks, and telecommunications and transportation companies.

PIPEDA was recently amended to include mandatory breach reporting. Once in effect, the requirement to notify an individual (and the federal privacy commissioner) about a breach will be triggered when an organization determines the breach creates a real risk of significant harm to the individual. Failures to report a breach are subject to fines similar to those in HIPMA.

The General Data Protection Regulation (GDPR) is a European Union law that includes mandatory breach reporting requirements. It will come into effect in May 2018. This law is said to have “extraterritorial” reach because it will apply to an organization that collects, uses or discloses personal information of EU citizens while offering goods or services to them or monitoring their behavior, no matter where the organization is located. Since EU residents visit Yukon every year, it is possible that Yukon businesses may find themselves subject to the GDPR.

The GDPR requires organizations to notify the appropriate supervisory authority within 72 hours about a breach of personal information and without undue delay when the breach is likely to result in a high risk to their rights and freedoms. The fines can be up to 10 million euros or two per cent of the organization’s global turnover (whichever is higher).

The best way for public or private sector organizations in Yukon to avoid being found in violation of mandatory breach reporting requirements is to identify a “privacy contact,” i.e. someone in the organization to be responsible for privacy and to develop breach reporting policy and procedure.

All staff need to be trained on the policy and procedure, so that they know what a privacy breach is and who to call when one is discovered. The policy should require employees to notify the organization’s privacy contact immediately upon learning of a breach. The privacy contact must be trained on how to effectively manage a breach and on the mandatory breach reporting requirements in applicable laws.

All Yukoners and businesses will benefit if privacy laws are understood and followed so that privacy breaches are avoided. For more information go to ombudsman.yk.ca.

Diane McLeod-McKay is the Yukon’s Information and Privacy Commissioner.

Just Posted

Whitehorse march marks anniversary of Wendy Carlick, Sarah MacIntosh murders

The march, held in Whitehorse’s McIntyre subdivision, also honoured Allan Waugh and Greg Dawson

Axed whistleblower sues Yukon government

Jarrett Parker alleges he was terminated for suggesting kids were not receiving appropriate care

Yukon health minister under fire for handling of group home controversy

Silver calls opposition questions raised in public ‘parlour tricks’

Gwich’in, allies vow resistance as U.S. readies ANWR drilling leases

‘The administration has made my people a target’

Black Press Media acquires two new Alaska newspapers

New Media Investment Group to acquire the Akron (OH) Beacon Journal while Black Press Media takes on daily newspapers in Juneau and Kenai Alaska

Gold Rush star Tony Beets appeals pond fire fines

Beets and his company, Tamarack Inc., were fined $31k for violating portions of the Waters Act

Defence lawyer asks Crown appeal of Kolasch acquittal be dismissed

In factum, Harry Kolasch’s lawyer says it’s clear that police officer used excessive force

Yukon Liberals raise $20,000 at Vancouver hockey game

Silver says no public money spent on trip, party refuses to say who bought tickets

Inspector, CYFN lawyer talk about WCC inspection at justice conference

David Loukidelis and Jennie Cunningham spoke about the Whitehorse Correctional Centre

An early view on how the carbon tax will affect the Yukon economy

If you only remember two numbers from the recently released federal-territorial study… Continue reading

‘New way of thinking’ about infrastructure funding asks First Nations and municipalities to chip in

Some of YG’s 25 per cent share of infrastructure cash may come from municipalities or First Nations

Nadia Moser named to senior national team

Whitehorse’s Nadia Moser was officially named to the senior national team by… Continue reading

Most Read