Diane McLeod-McKay, the territory’s information and privacy commissioner, says Yukon organizations and businesses should be aware of the myriad privacy laws that apply to them. (Joel Krahn/Yukon News file)

Every Yukon organization needs a privacy primer

Diane McLeod-McKay | Special to the News

Privacy laws are in place to safeguard your personal information and protect you.

We marked International Data Privacy Day this year on Jan. 28 and as your privacy commissioner, I want to highlight steps being taken to enhance the protection of citizens’ personal information.

In Canada, every jurisdiction has privacy laws that protect the personal information of citizens and has privacy commissioners responsible for monitoring compliance. Most other countries also have privacy laws and privacy commissioners.

The need to enhance privacy protection is now greater than ever, due to advances in technology. Governments and businesses are able to collect massive amounts of personal information, which can be easily processed, transmitted and breached.

Privacy laws allow individuals to control their own personal information. These laws impose limits on the collection, use and disclosure of personal information by governments and businesses. They also require personal information to be properly secured so that breaches do not occur.

A privacy breach can harm an individual. In recognition of this, most newly-drafted privacy laws include a requirement that governments and businesses notify individuals about a breach that may cause them harm. There is also usually a requirement that privacy commissioners be informed about the breach.

The purpose of breach reporting is to ensure individuals know about a breach so they may take steps to prevent any potential harm, and to ensure privacy commissioners can monitor breaches and help with prevention.

Health care providers in Yukon’s public and private sectors must comply with the Health Information Privacy and Management Act (HIPMA), which requires reporting of any breaches. A health care provider must notify an individual (and Yukon’s privacy commissioner) following a privacy breach where there is a risk of significant harm to the individual. If found guilty of failing to do this, fines are between $10,000 and $100,000.

Yukon’s Access to Information and Protection of Privacy Act (ATIPP), in effect since 1995, applies to public bodies, including the Yukon government. The ATIPP Act does not have mandatory breach reporting requirements, but they may be included when the legislation is amended following the current comprehensive review.

There are also privacy laws which govern the private sector. The federal Personal Information Protection and Electronic Documents Act (PIPEDA) applies to the collection, use and disclosure of personal information by an organization in the course of commercial activity. PIPEDA applies to all private sector organizations in Yukon, including private sector health care providers. It also applies to federal works, undertakings or businesses including banks, and telecommunications and transportation companies.

PIPEDA was recently amended to include mandatory breach reporting. Once in effect, the requirement to notify an individual (and the federal privacy commissioner) about a breach will be triggered when an organization determines the breach creates a real risk of significant harm to the individual. Failures to report a breach are subject to fines similar to those in HIPMA.

The General Data Protection Regulation (GDPR) is a European Union law that includes mandatory breach reporting requirements. It will come into effect in May 2018. This law is said to have “extraterritorial” reach because it will apply to an organization that collects, uses or discloses personal information of EU citizens while offering goods or services to them or monitoring their behavior, no matter where the organization is located. Since EU residents visit Yukon every year, it is possible that Yukon businesses may find themselves subject to the GDPR.

The GDPR requires organizations to notify the appropriate supervisory authority within 72 hours about a breach of personal information and without undue delay when the breach is likely to result in a high risk to their rights and freedoms. The fines can be up to 10 million euros or two per cent of the organization’s global turnover (whichever is higher).

The best way for public or private sector organizations in Yukon to avoid being found in violation of mandatory breach reporting requirements is to identify a “privacy contact,” i.e. someone in the organization to be responsible for privacy and to develop breach reporting policy and procedure.

All staff need to be trained on the policy and procedure, so that they know what a privacy breach is and who to call when one is discovered. The policy should require employees to notify the organization’s privacy contact immediately upon learning of a breach. The privacy contact must be trained on how to effectively manage a breach and on the mandatory breach reporting requirements in applicable laws.

All Yukoners and businesses will benefit if privacy laws are understood and followed so that privacy breaches are avoided. For more information go to ombudsman.yk.ca.

Diane McLeod-McKay is the Yukon’s Information and Privacy Commissioner.

PIPEDAprivacy

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

During our recent conversation, John Nicholson showed me snapshots of his time working on the Yukon riverboats 70 years ago. (Michael Gates)
History Hunter: Yukon man relives the riverboat days after seven decades

John Nicholson took summer work on Yukon steamers in the 1950s

A city map shows the property at 107 Range Road. The zoning is now in place for developers to proceed with plans for a Dairy Queen drive-thru. If plans proceed on schedule the new restaurant is anticipated to open in October. (Cyrstal Schick/Yukon News)
October opening eyed for Dairy Queen

Will depend on everything going according to plan

NDP candidate Annie Blake, left, and Liberal incumbent Pauline Frost. (Submitted photos)
Official recount confirms tie vote in Vuntut Gwitchin riding

Both candidates Pauline Frost and Annie Blake are still standing with 78 votes each

Artist’s rendering of a Dairy Queen drive-thru. At its April 13 meeting, Whitehorse city council approved a zoning change to allow a drive-thru at 107 Range Road. Developers sought the change to build a Dairy Queen there. (Submitted)
Drive-thru approved by Whitehorse city council at 107 Range Road

Rezoning could pave the way for a Dairy Queen

xx
WYATT’S WORLD

Wyatt’s World for April 14, 2021.… Continue reading

Joel Krahn/joelkran.com Hikers traverse the Chilkoot Trail in September 2015. Alaska side.
The Canadian side of the Chilkoot Trail will open for summer

The Canadian side of the Chilkoot Trail will open for summer Parks… Continue reading

Whitehorse City Hall (Yukon News file)
City news, briefly

A look at city council matters for the week of April 12

École Whitehorse Elementary Grade 7 students Yumi Traynor and Oscar Wolosewich participated in the Civix Student Vote in Whitehorse on April 12. (Haley Ritchie/Yukon News)
Yukon Student Vote chooses Yukon Party government; NDP take popular vote

The initiative is organized by national non-profit CIVIX

Yvonne Clarke is the newly elected Yukon Party MLA for Porter Creek Centre. (Submitted/Yukon Party)
Yvonne Clarke elected as first Filipina MLA in the Yukon Legislative Assembly

Clarke beat incumbent Liberal Paolo Gallina in Porter Creek Centre

Emily Tredger at NDP election night headquarters after winning the Whitehorse Centre riding. (Stephanie Waddell/Yukon News)
Emily Tredger takes Whitehorse Centre for NDP

MLA-elect ready to get to work in new role

Chief Medical Officer of Health Dr. Brendan Hanley. (Crystal Schick/Yukon News)
Two new cases of COVID-19 variant identified in territory

“If variants were to get out of control in the Yukon, the impact could be serious.”

lwtters
Today’s Mailbox: Rent freezes and the youth vote

Dear Editor, I read the article regarding the recommendations by the Yukon… Continue reading

Point-in-Time homeless count planned this month

Volunteers will count those in shelters, short-term housing and without shelter in a 24-hour period.

Most Read