Diane McLeod-McKay, the territory’s information and privacy commissioner, says Yukon organizations and businesses should be aware of the myriad privacy laws that apply to them. (Joel Krahn/Yukon News file)

Every Yukon organization needs a privacy primer

Diane McLeod-McKay | Special to the News

Privacy laws are in place to safeguard your personal information and protect you.

We marked International Data Privacy Day this year on Jan. 28 and as your privacy commissioner, I want to highlight steps being taken to enhance the protection of citizens’ personal information.

In Canada, every jurisdiction has privacy laws that protect the personal information of citizens and has privacy commissioners responsible for monitoring compliance. Most other countries also have privacy laws and privacy commissioners.

The need to enhance privacy protection is now greater than ever, due to advances in technology. Governments and businesses are able to collect massive amounts of personal information, which can be easily processed, transmitted and breached.

Privacy laws allow individuals to control their own personal information. These laws impose limits on the collection, use and disclosure of personal information by governments and businesses. They also require personal information to be properly secured so that breaches do not occur.

A privacy breach can harm an individual. In recognition of this, most newly-drafted privacy laws include a requirement that governments and businesses notify individuals about a breach that may cause them harm. There is also usually a requirement that privacy commissioners be informed about the breach.

The purpose of breach reporting is to ensure individuals know about a breach so they may take steps to prevent any potential harm, and to ensure privacy commissioners can monitor breaches and help with prevention.

Health care providers in Yukon’s public and private sectors must comply with the Health Information Privacy and Management Act (HIPMA), which requires reporting of any breaches. A health care provider must notify an individual (and Yukon’s privacy commissioner) following a privacy breach where there is a risk of significant harm to the individual. If found guilty of failing to do this, fines are between $10,000 and $100,000.

Yukon’s Access to Information and Protection of Privacy Act (ATIPP), in effect since 1995, applies to public bodies, including the Yukon government. The ATIPP Act does not have mandatory breach reporting requirements, but they may be included when the legislation is amended following the current comprehensive review.

There are also privacy laws which govern the private sector. The federal Personal Information Protection and Electronic Documents Act (PIPEDA) applies to the collection, use and disclosure of personal information by an organization in the course of commercial activity. PIPEDA applies to all private sector organizations in Yukon, including private sector health care providers. It also applies to federal works, undertakings or businesses including banks, and telecommunications and transportation companies.

PIPEDA was recently amended to include mandatory breach reporting. Once in effect, the requirement to notify an individual (and the federal privacy commissioner) about a breach will be triggered when an organization determines the breach creates a real risk of significant harm to the individual. Failures to report a breach are subject to fines similar to those in HIPMA.

The General Data Protection Regulation (GDPR) is a European Union law that includes mandatory breach reporting requirements. It will come into effect in May 2018. This law is said to have “extraterritorial” reach because it will apply to an organization that collects, uses or discloses personal information of EU citizens while offering goods or services to them or monitoring their behavior, no matter where the organization is located. Since EU residents visit Yukon every year, it is possible that Yukon businesses may find themselves subject to the GDPR.

The GDPR requires organizations to notify the appropriate supervisory authority within 72 hours about a breach of personal information and without undue delay when the breach is likely to result in a high risk to their rights and freedoms. The fines can be up to 10 million euros or two per cent of the organization’s global turnover (whichever is higher).

The best way for public or private sector organizations in Yukon to avoid being found in violation of mandatory breach reporting requirements is to identify a “privacy contact,” i.e. someone in the organization to be responsible for privacy and to develop breach reporting policy and procedure.

All staff need to be trained on the policy and procedure, so that they know what a privacy breach is and who to call when one is discovered. The policy should require employees to notify the organization’s privacy contact immediately upon learning of a breach. The privacy contact must be trained on how to effectively manage a breach and on the mandatory breach reporting requirements in applicable laws.

All Yukoners and businesses will benefit if privacy laws are understood and followed so that privacy breaches are avoided. For more information go to ombudsman.yk.ca.

Diane McLeod-McKay is the Yukon’s Information and Privacy Commissioner.

Just Posted

Yukon RCMP concludes investigation into fatal Haines Junction ambulance crash

RCMP spokesperson confirms no charges are being laid

Yukon COs kill 3 bears attracted to ‘waste’ stored at Whitehorse junkyard

‘If it can smell like food (a bear is) on it, and it’s happening all over the place.’

YG bars Dawson City’s retired dentist from providing emergency services

Government can’t get its story straight over why Helmut Schoener can’t use hospital dental suite

Fox family in Whitehorse neighbourhood could face removal this fall

‘The foxes have been here a lot longer, and we’re the invader’

Great Northern Tournament returns for fourth medieval combat event

‘Every year it grows a little more and we get a little better at it’

Chilkat Challenge Triathlon holds second race

Dozens of racers paddled, biked and ran from Mosquito Lake to Chilkat State Park

YESAB report urges traffic lights at Alaska Highway intersection

Lower speed limits suggested ahead of new gas station construction

Yukon government denies it owes substitute teachers unpaid wages

The Department of Education filed responses July 5 to five lawsuits launched against it by substitute teachers

Some women won the marriage lottery in the Klondike

Others did not fare so well in love

The wonderful world of Airbnb Whitehorse

Wonderful for tourists and homeowners at least. Renters? Not so much

Yukon researcher contributes to climate change adaptation report

‘We really worked to weave consideration of different ways of knowing through the report’

Whitehorse singer Sarah MacDougall’s new record sounds like scenery

‘Just getting out of town slightly, you can see a lot of beauty’

Most Read