Diane McLeod-McKay, the territory’s information and privacy commissioner, says Yukon organizations and businesses should be aware of the myriad privacy laws that apply to them. (Joel Krahn/Yukon News file)

Every Yukon organization needs a privacy primer

Diane McLeod-McKay | Special to the News

Privacy laws are in place to safeguard your personal information and protect you.

We marked International Data Privacy Day this year on Jan. 28 and as your privacy commissioner, I want to highlight steps being taken to enhance the protection of citizens’ personal information.

In Canada, every jurisdiction has privacy laws that protect the personal information of citizens and has privacy commissioners responsible for monitoring compliance. Most other countries also have privacy laws and privacy commissioners.

The need to enhance privacy protection is now greater than ever, due to advances in technology. Governments and businesses are able to collect massive amounts of personal information, which can be easily processed, transmitted and breached.

Privacy laws allow individuals to control their own personal information. These laws impose limits on the collection, use and disclosure of personal information by governments and businesses. They also require personal information to be properly secured so that breaches do not occur.

A privacy breach can harm an individual. In recognition of this, most newly-drafted privacy laws include a requirement that governments and businesses notify individuals about a breach that may cause them harm. There is also usually a requirement that privacy commissioners be informed about the breach.

The purpose of breach reporting is to ensure individuals know about a breach so they may take steps to prevent any potential harm, and to ensure privacy commissioners can monitor breaches and help with prevention.

Health care providers in Yukon’s public and private sectors must comply with the Health Information Privacy and Management Act (HIPMA), which requires reporting of any breaches. A health care provider must notify an individual (and Yukon’s privacy commissioner) following a privacy breach where there is a risk of significant harm to the individual. If found guilty of failing to do this, fines are between $10,000 and $100,000.

Yukon’s Access to Information and Protection of Privacy Act (ATIPP), in effect since 1995, applies to public bodies, including the Yukon government. The ATIPP Act does not have mandatory breach reporting requirements, but they may be included when the legislation is amended following the current comprehensive review.

There are also privacy laws which govern the private sector. The federal Personal Information Protection and Electronic Documents Act (PIPEDA) applies to the collection, use and disclosure of personal information by an organization in the course of commercial activity. PIPEDA applies to all private sector organizations in Yukon, including private sector health care providers. It also applies to federal works, undertakings or businesses including banks, and telecommunications and transportation companies.

PIPEDA was recently amended to include mandatory breach reporting. Once in effect, the requirement to notify an individual (and the federal privacy commissioner) about a breach will be triggered when an organization determines the breach creates a real risk of significant harm to the individual. Failures to report a breach are subject to fines similar to those in HIPMA.

The General Data Protection Regulation (GDPR) is a European Union law that includes mandatory breach reporting requirements. It will come into effect in May 2018. This law is said to have “extraterritorial” reach because it will apply to an organization that collects, uses or discloses personal information of EU citizens while offering goods or services to them or monitoring their behavior, no matter where the organization is located. Since EU residents visit Yukon every year, it is possible that Yukon businesses may find themselves subject to the GDPR.

The GDPR requires organizations to notify the appropriate supervisory authority within 72 hours about a breach of personal information and without undue delay when the breach is likely to result in a high risk to their rights and freedoms. The fines can be up to 10 million euros or two per cent of the organization’s global turnover (whichever is higher).

The best way for public or private sector organizations in Yukon to avoid being found in violation of mandatory breach reporting requirements is to identify a “privacy contact,” i.e. someone in the organization to be responsible for privacy and to develop breach reporting policy and procedure.

All staff need to be trained on the policy and procedure, so that they know what a privacy breach is and who to call when one is discovered. The policy should require employees to notify the organization’s privacy contact immediately upon learning of a breach. The privacy contact must be trained on how to effectively manage a breach and on the mandatory breach reporting requirements in applicable laws.

All Yukoners and businesses will benefit if privacy laws are understood and followed so that privacy breaches are avoided. For more information go to ombudsman.yk.ca.

Diane McLeod-McKay is the Yukon’s Information and Privacy Commissioner.

Just Posted

Canada Post rotating strikes hit Whitehorse

Whitehorse postal workers went on strike the morning of Nov. 9

WYATT’S WORLD

Wyatt’s World

Aw, shucks: Wayfarer Oyster House is open for business

Wayfarer Oyster House has its soft opening

Until there’s a traffic light ‘we’re not going to stop’: Hillcrest Community Association president

A petition signed by 22 people was tabled in the legislative assembly on Nov. 8

Striking workers allege assault and threats

Many Rivers workers say their picket line was “stormed”

UPDATED: Yukon Supreme Court Justice Leigh Gower dies unexpectedly

Judge remembered for his balance and diligence, as well as his love for theatre and motorcycles

Twelve months and a strike: Many Rivers workers serve strike notice

Job action is set to start Friday afternoon, when workers will walk off the job

Yukon Premier Sandy Silver discusses carbon pricing plans

The federal backstop will be active in July

About 350 Yukoners are waiting for cataract surgery

The News spoke to one person who has been waiting for almost two years to have the procedure done

New Whitehorse city council sworn in

Councillors say they’re excited to get started on strategic planning

Commentary: Lack of affordable housing in the Yukon is not about funds, but how we spend them

Why are we not building apartment complexes to serve the lower and lower-middle income bracket?

Driving with Jens: When should you plug your vehicle in?

You can probably still start your car without plugging it in at -25 C or colder, but you shouldn’t.

Yukonomist: Too far up the supply curve

Some copper mines come in and out of production as global demand for the metal surges and ebbs.

Most Read