Diane McLeod-McKay, the territory’s information and privacy commissioner, says Yukon organizations and businesses should be aware of the myriad privacy laws that apply to them. (Joel Krahn/Yukon News file)

Every Yukon organization needs a privacy primer

Diane McLeod-McKay | Special to the News

Privacy laws are in place to safeguard your personal information and protect you.

We marked International Data Privacy Day this year on Jan. 28 and as your privacy commissioner, I want to highlight steps being taken to enhance the protection of citizens’ personal information.

In Canada, every jurisdiction has privacy laws that protect the personal information of citizens and has privacy commissioners responsible for monitoring compliance. Most other countries also have privacy laws and privacy commissioners.

The need to enhance privacy protection is now greater than ever, due to advances in technology. Governments and businesses are able to collect massive amounts of personal information, which can be easily processed, transmitted and breached.

Privacy laws allow individuals to control their own personal information. These laws impose limits on the collection, use and disclosure of personal information by governments and businesses. They also require personal information to be properly secured so that breaches do not occur.

A privacy breach can harm an individual. In recognition of this, most newly-drafted privacy laws include a requirement that governments and businesses notify individuals about a breach that may cause them harm. There is also usually a requirement that privacy commissioners be informed about the breach.

The purpose of breach reporting is to ensure individuals know about a breach so they may take steps to prevent any potential harm, and to ensure privacy commissioners can monitor breaches and help with prevention.

Health care providers in Yukon’s public and private sectors must comply with the Health Information Privacy and Management Act (HIPMA), which requires reporting of any breaches. A health care provider must notify an individual (and Yukon’s privacy commissioner) following a privacy breach where there is a risk of significant harm to the individual. If found guilty of failing to do this, fines are between $10,000 and $100,000.

Yukon’s Access to Information and Protection of Privacy Act (ATIPP), in effect since 1995, applies to public bodies, including the Yukon government. The ATIPP Act does not have mandatory breach reporting requirements, but they may be included when the legislation is amended following the current comprehensive review.

There are also privacy laws which govern the private sector. The federal Personal Information Protection and Electronic Documents Act (PIPEDA) applies to the collection, use and disclosure of personal information by an organization in the course of commercial activity. PIPEDA applies to all private sector organizations in Yukon, including private sector health care providers. It also applies to federal works, undertakings or businesses including banks, and telecommunications and transportation companies.

PIPEDA was recently amended to include mandatory breach reporting. Once in effect, the requirement to notify an individual (and the federal privacy commissioner) about a breach will be triggered when an organization determines the breach creates a real risk of significant harm to the individual. Failures to report a breach are subject to fines similar to those in HIPMA.

The General Data Protection Regulation (GDPR) is a European Union law that includes mandatory breach reporting requirements. It will come into effect in May 2018. This law is said to have “extraterritorial” reach because it will apply to an organization that collects, uses or discloses personal information of EU citizens while offering goods or services to them or monitoring their behavior, no matter where the organization is located. Since EU residents visit Yukon every year, it is possible that Yukon businesses may find themselves subject to the GDPR.

The GDPR requires organizations to notify the appropriate supervisory authority within 72 hours about a breach of personal information and without undue delay when the breach is likely to result in a high risk to their rights and freedoms. The fines can be up to 10 million euros or two per cent of the organization’s global turnover (whichever is higher).

The best way for public or private sector organizations in Yukon to avoid being found in violation of mandatory breach reporting requirements is to identify a “privacy contact,” i.e. someone in the organization to be responsible for privacy and to develop breach reporting policy and procedure.

All staff need to be trained on the policy and procedure, so that they know what a privacy breach is and who to call when one is discovered. The policy should require employees to notify the organization’s privacy contact immediately upon learning of a breach. The privacy contact must be trained on how to effectively manage a breach and on the mandatory breach reporting requirements in applicable laws.

All Yukoners and businesses will benefit if privacy laws are understood and followed so that privacy breaches are avoided. For more information go to ombudsman.yk.ca.

Diane McLeod-McKay is the Yukon’s Information and Privacy Commissioner.

PIPEDAprivacy

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

Phase two of the Yukon’s reopening plan could start July 1

New phase would include travel between B.C. and the Yukon

Spas, hair salons, tattoo parlours and more ready for reopening

Many personal services shops set June date to offically welcome back customers

Community Development Fund awards announced

January intake sees $1.4 million for 24 community projects

Alaskan telecom finishes fibre line linking state to Lower 48 via the Yukon

Northwestel is among the Canadian companies carrying MTA’s traffic down south

Civil liberties group pens letter questioning Yukon’s COVID-19 border restrictions

Canadian Civil Liberties Association arguing the Yukon’s border control measures are unconstitutional

City hall, briefly

A look at decisions made by Whitehorse city council this week. June… Continue reading

Pilot Station salmon sonar to go ahead this season

The Pilot Station sonar, located near the mouth of the Yukon River… Continue reading

Renovations start at LePage Park

The Yukon Historical and Museums Association has started a resurfacing project for… Continue reading

Contract awarded for mixed-income housing project

The Yukon government has awarded a $16.8-million contract to build the mixed-income… Continue reading

Watson Lake man charged with gun offences after break-and-enter

Alfred Magun, 60, was arrested and charged with eight offences

Top of the World Highway border crossings remain closed

The Little Gold Creek and Poker Creek border crossings will remain closed… Continue reading

Gymnasts return to Polarettes

Club reopens, summer camps also approved

Yukon College becomes Yukon University

Yukon College has officially become Yukon University, or “YukonU.” The post-secondary institution… Continue reading

Most Read