SlideShare uma empresa Scribd logo

Student privacy and your ontario college

Transferir como PPTX, PDF
Dan Michaluk
Dan Michaluk

FIPPA, MFIPPA, privacy regulation, education law

TecnologiaEducação
1 de 27
Student Privacy and Your Ontario College Dan Michaluk CSC Annual Conference May 29, 2012
Student Privacy and Your Ontario College • FIPPA Basics • FIPPA and Collection of PI • Use and Disclosure of PI under FIPPA • Safeguarding PI under FIPPA • Enforcement and Liability • Discussion of College Adult Upgrading Issues • Question & Answer Student Privacy and Your Ontario College
FIPPA Basics • FIPPA is the “Freedom of Information and Protection of Privacy Act” • FIPPA does two things • Protects student privacy • Provides a right of access to college records Student Privacy and Your Ontario College
FIPPA Basics • Josie enrols in a concurrent education course. The registrar’s office opens a record for her in its student records system. It includes her name, address and date of birth. When Josie finishes the course successfully, her record is updated. What personal information has the College collected? Student Privacy and Your Ontario College
FIPPA Basics • In, class Josie’s professor is de-briefing a self- reflection unit. Quite spontaneously, Josie shares a very sensitive personal story about her upbringing with the class. The professor takes no notes. Does the College have applicable duties under FIPPA? Student Privacy and Your Ontario College
FIPPA Basics • The privacy part protects “personal information” • Information about an identifiable individual • Not business contact information • Generally not information about someone in a professional capacity – e.g. work product • This includes information that is not recorded Student Privacy and Your Ontario College
FIPPA and Collection of PI • FIPPA is not a consent-based statute • Ordinarily must meet two essential requirements • necessary to the proper administration of a lawfully authorized activity and • collected directly from the individual unless exception applies • Plus must give notice of collection Student Privacy and Your Ontario College
FIPPA and Collection of PI • Who’s collecting it? • An institution that collects PI is accountable for it • So in collaborative efforts, you need to understand who is doing the collection • Two potential scenarios involving Ministry • You’re collecting PI for you and the Ministry • You’re collecting PI for the Ministry alone Student Privacy and Your Ontario College
FIPPA and Collection of PI • For what purpose is it being collected? • The stated purpose is the key basis for collection, use and disclosure • Notice of collection must state the “principal purpose or purposes” • Must also state the legal authority for the collection – ordinarily section 2 of the OCAAT – and provide certain contact information Student Privacy and Your Ontario College
FIPPA and Collection of PI • Is the collection necessary in light of the purpose? • Applies with or without consent • Applies to each data element collected • IPC applies a strict test (upheld by Court of Appeal) • More than merely helpful • Less intrusive means must be taken • Different than reasonable in all the circumstances Student Privacy and Your Ontario College
FIPPA and Collection of PI • Can you collect indirectly? • Consent • Determining suitability for honour or award • Law enforcement (but internal disciplinary investigations have been ruled not to be law enforcement) This restriction is so strict it is a problem for colleges, especially because it could preclude legitimate threat assessment efforts. Student Privacy and Your Ontario College
Use and Disclosure of PI under FIPPA • Use versus disclosure • Neither are defined • Under FIPPA an internal communication or a communication to an agent is treated as a disclosure • A communication to an external entity for its own purposes usually represents a disclosure Student Privacy and Your Ontario College
Use and Disclosure of PI under FIPPA • The statute is fairly permissive • Yes - for the purpose you collected it • Yes - for a “consistent” “secondary purpose” • Consistent if individual “might reasonably have expected such a use or disclosure” Student Privacy and Your Ontario College
Use and Disclosure of PI under FIPPA • The statute is fairly permissive (cont.) • Yes – to an employee/agent “who needs the record in the performance of their duties and where disclosure is necessary and proper in the discharge of the institution’s functions” Student Privacy and Your Ontario College
Use and Disclosure of PI under FIPPA • FAQ – Can a college report crime to the police? • Yes • There’s a public interest in the reporting of crime • There’s a very broad exception in FIPPA • Note – the police may not be able to receive student records without first seeking a warrant • Note – the same rule doesn’t apply to concerns that arise out of a health care relationship Student Privacy and Your Ontario College
Use and Disclosure of PI under FIPPA • FAQ – Can a college share information about a former student with another college? • Institutions sometimes ask other institutions for a summary of their dealings with a student • In most circumstances sharing this information without consent is prohibited Student Privacy and Your Ontario College
Use and Disclosure of PI under FIPPA • FAQ – Can a college share information with a student’s parents? • Generally not (age 16 is the cut off) • Beware of the “health and safety” exceptions in sections 42(1)(h) and 11 We know that some parents can be great allies in helping to manage students at risk. It may be reasonable in some circumstances to impose a parental contact requirement as part of a behavioral contract. Student Privacy and Your Ontario College
Safeguarding PI under FIPPA • The chair of the each college board has a duty to • ensure “reasonable measures” are taken • ensure access is on a need to know basis • ensure “reasonable steps” taken in destruction process (secure destruction per IPC guideline) • Duty may be delegated via governance structure • No maximum retention duty, but keeping PI comes with a responsibility for security Student Privacy and Your Ontario College
Safeguarding PI under FIPPA • Best practices for safeguarding PI • Periodic risk assessment procedures • Intrusion detection and security audit structures • Records management structures • Human resources policy • Physical transfer of personal information policy • Disposal procedures • Privacy breach procedures Student Privacy and Your Ontario College
Safeguarding PI under FIPPA • Systematic is good, but what’s your low hanging fruit? Student Privacy and Your Ontario College
Safeguarding PI under FIPPA • Systematic is good, but what’s your low hanging fruit? • Anecdotally… • …Lost USB keys • …Lost laptops • …Recycling versus shredding • …Departing employees Student Privacy and Your Ontario College
Enforcement and Liability • FIPPA enforcement • Rests on voluntary compliance of public sector institutions • IPC will handle most complaints through an informal resolution process • Complaints that are not resolved will be investigated and the subject of a public report, often with recommendations Student Privacy and Your Ontario College
Enforcement and Liability • Civil liability for privacy breaches • Data breach liability is real • Breach response costs are significant and will be borne for breaches of almost any consequence • Damage claims are possible • A question of negligence • Best defence will arise from due diligence Student Privacy and Your Ontario College
Enforcement and Liability • The new intrusion upon seclusion cause of action • Not clear how this will affect day-to-day college administration • Only covers unauthorized collections of information • Rests on a “reasonable expectation of privacy” • Also must establish the an intrusion that is “highly offensive” Student Privacy and Your Ontario College
College Adult Upgrading Issues Student Privacy and Your Ontario College
Question & Answer Student Privacy and Your Ontario College
Student Privacy and Your Ontario College Dan Michaluk CSC Annual Conference May 29, 2012

Recomendados

Boot Camp 2015
Boot Camp 2015Boot Camp 2015
Boot Camp 2015Robert Cutbirth
 
Surviving a BYOD Implementation
Surviving a BYOD ImplementationSurviving a BYOD Implementation
Surviving a BYOD ImplementationDiana Benner
 
Employment Law Due Diligence
Employment Law Due DiligenceEmployment Law Due Diligence
Employment Law Due DiligenceDan Michaluk
 
Internal Investigations and Employee Privacy
Internal Investigations and Employee PrivacyInternal Investigations and Employee Privacy
Internal Investigations and Employee PrivacyDan Michaluk
 
Five social media issues for employers lawyers
Five social media issues for employers lawyersFive social media issues for employers lawyers
Five social media issues for employers lawyersDan Michaluk
 
Desert island privacy cases for employment lawyers
Desert island privacy cases for employment lawyersDesert island privacy cases for employment lawyers
Desert island privacy cases for employment lawyersDan Michaluk
 
Investigating without running afoul of privacy laws
Investigating without running afoul of privacy lawsInvestigating without running afoul of privacy laws
Investigating without running afoul of privacy lawsDan Michaluk
 
Social Media and Employee Privacy
Social Media and Employee PrivacySocial Media and Employee Privacy
Social Media and Employee PrivacyDan Michaluk
 

Recomendados

Boot Camp 2015
Boot Camp 2015Boot Camp 2015
Boot Camp 2015Robert Cutbirth
 
Surviving a BYOD Implementation
Surviving a BYOD ImplementationSurviving a BYOD Implementation
Surviving a BYOD ImplementationDiana Benner
 
Employment Law Due Diligence
Employment Law Due DiligenceEmployment Law Due Diligence
Employment Law Due DiligenceDan Michaluk
 
Internal Investigations and Employee Privacy
Internal Investigations and Employee PrivacyInternal Investigations and Employee Privacy
Internal Investigations and Employee PrivacyDan Michaluk
 
Five social media issues for employers lawyers
Five social media issues for employers lawyersFive social media issues for employers lawyers
Five social media issues for employers lawyersDan Michaluk
 
Desert island privacy cases for employment lawyers
Desert island privacy cases for employment lawyersDesert island privacy cases for employment lawyers
Desert island privacy cases for employment lawyersDan Michaluk
 
Investigating without running afoul of privacy laws
Investigating without running afoul of privacy lawsInvestigating without running afoul of privacy laws
Investigating without running afoul of privacy lawsDan Michaluk
 
Social Media and Employee Privacy
Social Media and Employee PrivacySocial Media and Employee Privacy
Social Media and Employee PrivacyDan Michaluk
 
FERPA - SCASFAA 2015
FERPA - SCASFAA 2015FERPA - SCASFAA 2015
FERPA - SCASFAA 2015DJ Wetzel
 
NAESP Conference - July 12, 2014
NAESP Conference - July 12, 2014NAESP Conference - July 12, 2014
NAESP Conference - July 12, 2014emilyensign
 
Electronic Security Issues for Schools
Electronic Security Issues for SchoolsElectronic Security Issues for Schools
Electronic Security Issues for SchoolsBrett Napier, MBA
 
Ferpa
FerpaFerpa
Ferpabrandyholekamp
 
Confidentiality and Special Education Training by Madison County Schools
Confidentiality and Special Education Training by Madison County SchoolsConfidentiality and Special Education Training by Madison County Schools
Confidentiality and Special Education Training by Madison County SchoolsAtlantic Training, LLC.
 
USED_IN_TRAININGS_AS_OF_11_1_21_updated_11_5_for_phone_number_on_Slide_35[1]....
USED_IN_TRAININGS_AS_OF_11_1_21_updated_11_5_for_phone_number_on_Slide_35[1]....USED_IN_TRAININGS_AS_OF_11_1_21_updated_11_5_for_phone_number_on_Slide_35[1]....
USED_IN_TRAININGS_AS_OF_11_1_21_updated_11_5_for_phone_number_on_Slide_35[1]....ErnestManigo1
 
OASFAA 2008 Conference FERPA
OASFAA 2008 Conference FERPAOASFAA 2008 Conference FERPA
OASFAA 2008 Conference FERPApetemacchia
 
Social media – issues and trends caus 2014
Social media – issues and trends caus 2014Social media – issues and trends caus 2014
Social media – issues and trends caus 2014Dan Michaluk
 
Education law conference, March 2017 - Nottingham - What to do when it all go...
Education law conference, March 2017 - Nottingham - What to do when it all go...Education law conference, March 2017 - Nottingham - What to do when it all go...
Education law conference, March 2017 - Nottingham - What to do when it all go...Browne Jacobson LLP
 
Apr 2021 cp freshmen briefing deck 8 april
Apr 2021 cp freshmen briefing deck 8 aprilApr 2021 cp freshmen briefing deck 8 april
Apr 2021 cp freshmen briefing deck 8 aprilMark Kor
 
Education Queensland
Education QueenslandEducation Queensland
Education QueenslandKerry O'Brien
 
Safeguarding pupils and student teachers
Safeguarding pupils and student teachersSafeguarding pupils and student teachers
Safeguarding pupils and student teachersLee Hazeldine
 
Development and Skills Conference 2013: Iain rowan - student complaints
Development and Skills Conference 2013: Iain rowan - student complaintsDevelopment and Skills Conference 2013: Iain rowan - student complaints
Development and Skills Conference 2013: Iain rowan - student complaintsAssociation of University Administrators
 
Employee Privacy Rights: New Developments in the Law
Employee Privacy Rights: New Developments in the LawEmployee Privacy Rights: New Developments in the Law
Employee Privacy Rights: New Developments in the LawEnercare Inc.
 
Va child safety & confidentiality 2019.pptx
Va child safety & confidentiality 2019.pptxVa child safety & confidentiality 2019.pptx
Va child safety & confidentiality 2019.pptxeward018
 
Keeping learners safe online presentation
Keeping learners safe online presentationKeeping learners safe online presentation
Keeping learners safe online presentationJisc
 
Responding to the Department of Education Program Review
Responding to the Department of Education Program ReviewResponding to the Department of Education Program Review
Responding to the Department of Education Program ReviewDennis Cariello
 
Ethics Update for School Counselors
Ethics Update for School CounselorsEthics Update for School Counselors
Ethics Update for School CounselorsJohn Gavazzi, PsyD, ABPP
 
Ethics Update for School Counselors
Ethics Update for School CounselorsEthics Update for School Counselors
Ethics Update for School CounselorsJohn Gavazzi
 
Lawsense Law School Conference - Discrimination Law and Current Issues
Lawsense Law School Conference - Discrimination Law and Current IssuesLawsense Law School Conference - Discrimination Law and Current Issues
Lawsense Law School Conference - Discrimination Law and Current IssuesKerry O'Brien
 
Ecno cyber - 23 June 2023 - djm(137852631.1).pptx
Ecno cyber - 23 June 2023 - djm(137852631.1).pptxEcno cyber - 23 June 2023 - djm(137852631.1).pptx
Ecno cyber - 23 June 2023 - djm(137852631.1).pptxDan Michaluk
 
Critical Issues in School Board Cyber Security
Critical Issues in School Board Cyber SecurityCritical Issues in School Board Cyber Security
Critical Issues in School Board Cyber SecurityDan Michaluk
 

Mais conteúdo relacionado

Semelhante a Student privacy and your ontario college

FERPA - SCASFAA 2015
FERPA - SCASFAA 2015FERPA - SCASFAA 2015
FERPA - SCASFAA 2015DJ Wetzel
 
NAESP Conference - July 12, 2014
NAESP Conference - July 12, 2014NAESP Conference - July 12, 2014
NAESP Conference - July 12, 2014emilyensign
 
Electronic Security Issues for Schools
Electronic Security Issues for SchoolsElectronic Security Issues for Schools
Electronic Security Issues for SchoolsBrett Napier, MBA
 
Confidentiality and Special Education Training by Madison County Schools
Confidentiality and Special Education Training by Madison County SchoolsConfidentiality and Special Education Training by Madison County Schools
Confidentiality and Special Education Training by Madison County SchoolsAtlantic Training, LLC.
 
USED_IN_TRAININGS_AS_OF_11_1_21_updated_11_5_for_phone_number_on_Slide_35[1]....
USED_IN_TRAININGS_AS_OF_11_1_21_updated_11_5_for_phone_number_on_Slide_35[1]....USED_IN_TRAININGS_AS_OF_11_1_21_updated_11_5_for_phone_number_on_Slide_35[1]....
USED_IN_TRAININGS_AS_OF_11_1_21_updated_11_5_for_phone_number_on_Slide_35[1]....ErnestManigo1
 
OASFAA 2008 Conference FERPA
OASFAA 2008 Conference FERPAOASFAA 2008 Conference FERPA
OASFAA 2008 Conference FERPApetemacchia
 
Social media – issues and trends caus 2014
Social media – issues and trends caus 2014Social media – issues and trends caus 2014
Social media – issues and trends caus 2014Dan Michaluk
 
Education law conference, March 2017 - Nottingham - What to do when it all go...
Education law conference, March 2017 - Nottingham - What to do when it all go...Education law conference, March 2017 - Nottingham - What to do when it all go...
Education law conference, March 2017 - Nottingham - What to do when it all go...Browne Jacobson LLP
 
Apr 2021 cp freshmen briefing deck 8 april
Apr 2021 cp freshmen briefing deck 8 aprilApr 2021 cp freshmen briefing deck 8 april
Apr 2021 cp freshmen briefing deck 8 aprilMark Kor
 
Education Queensland
Education QueenslandEducation Queensland
Education QueenslandKerry O'Brien
 
Safeguarding pupils and student teachers
Safeguarding pupils and student teachersSafeguarding pupils and student teachers
Safeguarding pupils and student teachersLee Hazeldine
 
Employee Privacy Rights: New Developments in the Law
Employee Privacy Rights: New Developments in the LawEmployee Privacy Rights: New Developments in the Law
Employee Privacy Rights: New Developments in the LawEnercare Inc.
 
Va child safety & confidentiality 2019.pptx
Va child safety & confidentiality 2019.pptxVa child safety & confidentiality 2019.pptx
Va child safety & confidentiality 2019.pptxeward018
 
Keeping learners safe online presentation
Keeping learners safe online presentationKeeping learners safe online presentation
Keeping learners safe online presentationJisc
 
Responding to the Department of Education Program Review
Responding to the Department of Education Program ReviewResponding to the Department of Education Program Review
Responding to the Department of Education Program ReviewDennis Cariello
 
Ethics Update for School Counselors
Ethics Update for School CounselorsEthics Update for School Counselors
Ethics Update for School CounselorsJohn Gavazzi
 
Lawsense Law School Conference - Discrimination Law and Current Issues
Lawsense Law School Conference - Discrimination Law and Current IssuesLawsense Law School Conference - Discrimination Law and Current Issues
Lawsense Law School Conference - Discrimination Law and Current IssuesKerry O'Brien
 

Semelhante a Student privacy and your ontario college (20)

FERPA - SCASFAA 2015
FERPA - SCASFAA 2015FERPA - SCASFAA 2015
FERPA - SCASFAA 2015
 
NAESP Conference - July 12, 2014
NAESP Conference - July 12, 2014NAESP Conference - July 12, 2014
NAESP Conference - July 12, 2014
 
Electronic Security Issues for Schools
Electronic Security Issues for SchoolsElectronic Security Issues for Schools
Electronic Security Issues for Schools
 
Ferpa
FerpaFerpa
Ferpa
 
Confidentiality and Special Education Training by Madison County Schools
Confidentiality and Special Education Training by Madison County SchoolsConfidentiality and Special Education Training by Madison County Schools
Confidentiality and Special Education Training by Madison County Schools
 
USED_IN_TRAININGS_AS_OF_11_1_21_updated_11_5_for_phone_number_on_Slide_35[1]....
USED_IN_TRAININGS_AS_OF_11_1_21_updated_11_5_for_phone_number_on_Slide_35[1]....USED_IN_TRAININGS_AS_OF_11_1_21_updated_11_5_for_phone_number_on_Slide_35[1]....
USED_IN_TRAININGS_AS_OF_11_1_21_updated_11_5_for_phone_number_on_Slide_35[1]....
 
OASFAA 2008 Conference FERPA
OASFAA 2008 Conference FERPAOASFAA 2008 Conference FERPA
OASFAA 2008 Conference FERPA
 
Social media – issues and trends caus 2014
Social media – issues and trends caus 2014Social media – issues and trends caus 2014
Social media – issues and trends caus 2014
 
Education law conference, March 2017 - Nottingham - What to do when it all go...
Education law conference, March 2017 - Nottingham - What to do when it all go...Education law conference, March 2017 - Nottingham - What to do when it all go...
Education law conference, March 2017 - Nottingham - What to do when it all go...
 
Apr 2021 cp freshmen briefing deck 8 april
Apr 2021 cp freshmen briefing deck 8 aprilApr 2021 cp freshmen briefing deck 8 april
Apr 2021 cp freshmen briefing deck 8 april
 
Education Queensland
Education QueenslandEducation Queensland
Education Queensland
 
Safeguarding pupils and student teachers
Safeguarding pupils and student teachersSafeguarding pupils and student teachers
Safeguarding pupils and student teachers
 
Development and Skills Conference 2013: Iain rowan - student complaints
Development and Skills Conference 2013: Iain rowan - student complaintsDevelopment and Skills Conference 2013: Iain rowan - student complaints
Development and Skills Conference 2013: Iain rowan - student complaints
 
Employee Privacy Rights: New Developments in the Law
Employee Privacy Rights: New Developments in the LawEmployee Privacy Rights: New Developments in the Law
Employee Privacy Rights: New Developments in the Law
 
Va child safety & confidentiality 2019.pptx
Va child safety & confidentiality 2019.pptxVa child safety & confidentiality 2019.pptx
Va child safety & confidentiality 2019.pptx
 
Keeping learners safe online presentation
Keeping learners safe online presentationKeeping learners safe online presentation
Keeping learners safe online presentation
 
Responding to the Department of Education Program Review
Responding to the Department of Education Program ReviewResponding to the Department of Education Program Review
Responding to the Department of Education Program Review
 
Ethics Update for School Counselors
Ethics Update for School CounselorsEthics Update for School Counselors
Ethics Update for School Counselors
 
Ethics Update for School Counselors
Ethics Update for School CounselorsEthics Update for School Counselors
Ethics Update for School Counselors
 
Lawsense Law School Conference - Discrimination Law and Current Issues
Lawsense Law School Conference - Discrimination Law and Current IssuesLawsense Law School Conference - Discrimination Law and Current Issues
Lawsense Law School Conference - Discrimination Law and Current Issues
 

Mais de Dan Michaluk

Ecno cyber - 23 June 2023 - djm(137852631.1).pptx
Ecno cyber - 23 June 2023 - djm(137852631.1).pptxEcno cyber - 23 June 2023 - djm(137852631.1).pptx
Ecno cyber - 23 June 2023 - djm(137852631.1).pptxDan Michaluk
 
Critical Issues in School Board Cyber Security
Critical Issues in School Board Cyber SecurityCritical Issues in School Board Cyber Security
Critical Issues in School Board Cyber SecurityDan Michaluk
 
Introduction to FOI law (the law of information)
Introduction to FOI law (the law of information)Introduction to FOI law (the law of information)
Introduction to FOI law (the law of information)Dan Michaluk
 
Higher Education Sexual Violence Presentation
Higher Education Sexual Violence PresentationHigher Education Sexual Violence Presentation
Higher Education Sexual Violence PresentationDan Michaluk
 
Cyber class action claims at an inflection point
Cyber class action claims at an inflection pointCyber class action claims at an inflection point
Cyber class action claims at an inflection pointDan Michaluk
 
The pandemic and privacy
The pandemic and privacyThe pandemic and privacy
The pandemic and privacyDan Michaluk
 
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...Dan Michaluk
 
Union access to information
Union access to informationUnion access to information
Union access to informationDan Michaluk
 
Cybersecurity Risk Governance
Cybersecurity Risk GovernanceCybersecurity Risk Governance
Cybersecurity Risk GovernanceDan Michaluk
 
Cyber Incident Response - When it happens, will you be ready?
Cyber Incident Response - When it happens, will you be ready?Cyber Incident Response - When it happens, will you be ready?
Cyber Incident Response - When it happens, will you be ready?Dan Michaluk
 
The Current State of FOI
The Current State of FOIThe Current State of FOI
The Current State of FOIDan Michaluk
 
Cyber, secrecy and the public body
Cyber, secrecy and the public bodyCyber, secrecy and the public body
Cyber, secrecy and the public bodyDan Michaluk
 
The privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsThe privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsDan Michaluk
 
Advocates' Society Tricks of the Trade 2019 - A Privacy Update
Advocates' Society Tricks of the Trade 2019 - A Privacy UpdateAdvocates' Society Tricks of the Trade 2019 - A Privacy Update
Advocates' Society Tricks of the Trade 2019 - A Privacy UpdateDan Michaluk
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam ComplianceDan Michaluk
 
Cyber Insurance and Incident Response Practice
Cyber Insurance and Incident Response Practice Cyber Insurance and Incident Response Practice
Cyber Insurance and Incident Response Practice Dan Michaluk
 
Role of a breach coach
Role of a breach coachRole of a breach coach
Role of a breach coachDan Michaluk
 
PHIPA for school boards
PHIPA for school boardsPHIPA for school boards
PHIPA for school boardsDan Michaluk
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam ComplianceDan Michaluk
 
Finding internet evidence
Finding internet evidenceFinding internet evidence
Finding internet evidenceDan Michaluk
 

Mais de Dan Michaluk (20)

Ecno cyber - 23 June 2023 - djm(137852631.1).pptx
Ecno cyber - 23 June 2023 - djm(137852631.1).pptxEcno cyber - 23 June 2023 - djm(137852631.1).pptx
Ecno cyber - 23 June 2023 - djm(137852631.1).pptx
 
Critical Issues in School Board Cyber Security
Critical Issues in School Board Cyber SecurityCritical Issues in School Board Cyber Security
Critical Issues in School Board Cyber Security
 
Introduction to FOI law (the law of information)
Introduction to FOI law (the law of information)Introduction to FOI law (the law of information)
Introduction to FOI law (the law of information)
 
Higher Education Sexual Violence Presentation
Higher Education Sexual Violence PresentationHigher Education Sexual Violence Presentation
Higher Education Sexual Violence Presentation
 
Cyber class action claims at an inflection point
Cyber class action claims at an inflection pointCyber class action claims at an inflection point
Cyber class action claims at an inflection point
 
The pandemic and privacy
The pandemic and privacyThe pandemic and privacy
The pandemic and privacy
 
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
 
Union access to information
Union access to informationUnion access to information
Union access to information
 
Cybersecurity Risk Governance
Cybersecurity Risk GovernanceCybersecurity Risk Governance
Cybersecurity Risk Governance
 
Cyber Incident Response - When it happens, will you be ready?
Cyber Incident Response - When it happens, will you be ready?Cyber Incident Response - When it happens, will you be ready?
Cyber Incident Response - When it happens, will you be ready?
 
The Current State of FOI
The Current State of FOIThe Current State of FOI
The Current State of FOI
 
Cyber, secrecy and the public body
Cyber, secrecy and the public bodyCyber, secrecy and the public body
Cyber, secrecy and the public body
 
The privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsThe privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analytics
 
Advocates' Society Tricks of the Trade 2019 - A Privacy Update
Advocates' Society Tricks of the Trade 2019 - A Privacy UpdateAdvocates' Society Tricks of the Trade 2019 - A Privacy Update
Advocates' Society Tricks of the Trade 2019 - A Privacy Update
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam Compliance
 
Cyber Insurance and Incident Response Practice
Cyber Insurance and Incident Response Practice Cyber Insurance and Incident Response Practice
Cyber Insurance and Incident Response Practice
 
Role of a breach coach
Role of a breach coachRole of a breach coach
Role of a breach coach
 
PHIPA for school boards
PHIPA for school boardsPHIPA for school boards
PHIPA for school boards
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam Compliance
 
Finding internet evidence
Finding internet evidenceFinding internet evidence
Finding internet evidence
 

Último

Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 

Último (20)

Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 

Student privacy and your ontario college

  • 1. Student Privacy and Your Ontario College Dan Michaluk CSC Annual Conference May 29, 2012
  • 2. Student Privacy and Your Ontario College • FIPPA Basics • FIPPA and Collection of PI • Use and Disclosure of PI under FIPPA • Safeguarding PI under FIPPA • Enforcement and Liability • Discussion of College Adult Upgrading Issues • Question & Answer Student Privacy and Your Ontario College
  • 3. FIPPA Basics • FIPPA is the “Freedom of Information and Protection of Privacy Act” • FIPPA does two things • Protects student privacy • Provides a right of access to college records Student Privacy and Your Ontario College
  • 4. FIPPA Basics • Josie enrols in a concurrent education course. The registrar’s office opens a record for her in its student records system. It includes her name, address and date of birth. When Josie finishes the course successfully, her record is updated. What personal information has the College collected? Student Privacy and Your Ontario College
  • 5. FIPPA Basics • In, class Josie’s professor is de-briefing a self- reflection unit. Quite spontaneously, Josie shares a very sensitive personal story about her upbringing with the class. The professor takes no notes. Does the College have applicable duties under FIPPA? Student Privacy and Your Ontario College
  • 6. FIPPA Basics • The privacy part protects “personal information” • Information about an identifiable individual • Not business contact information • Generally not information about someone in a professional capacity – e.g. work product • This includes information that is not recorded Student Privacy and Your Ontario College
  • 7. FIPPA and Collection of PI • FIPPA is not a consent-based statute • Ordinarily must meet two essential requirements • necessary to the proper administration of a lawfully authorized activity and • collected directly from the individual unless exception applies • Plus must give notice of collection Student Privacy and Your Ontario College
  • 8. FIPPA and Collection of PI • Who’s collecting it? • An institution that collects PI is accountable for it • So in collaborative efforts, you need to understand who is doing the collection • Two potential scenarios involving Ministry • You’re collecting PI for you and the Ministry • You’re collecting PI for the Ministry alone Student Privacy and Your Ontario College
  • 9. FIPPA and Collection of PI • For what purpose is it being collected? • The stated purpose is the key basis for collection, use and disclosure • Notice of collection must state the “principal purpose or purposes” • Must also state the legal authority for the collection – ordinarily section 2 of the OCAAT – and provide certain contact information Student Privacy and Your Ontario College
  • 10. FIPPA and Collection of PI • Is the collection necessary in light of the purpose? • Applies with or without consent • Applies to each data element collected • IPC applies a strict test (upheld by Court of Appeal) • More than merely helpful • Less intrusive means must be taken • Different than reasonable in all the circumstances Student Privacy and Your Ontario College
  • 11. FIPPA and Collection of PI • Can you collect indirectly? • Consent • Determining suitability for honour or award • Law enforcement (but internal disciplinary investigations have been ruled not to be law enforcement) This restriction is so strict it is a problem for colleges, especially because it could preclude legitimate threat assessment efforts. Student Privacy and Your Ontario College
  • 12. Use and Disclosure of PI under FIPPA • Use versus disclosure • Neither are defined • Under FIPPA an internal communication or a communication to an agent is treated as a disclosure • A communication to an external entity for its own purposes usually represents a disclosure Student Privacy and Your Ontario College
  • 13. Use and Disclosure of PI under FIPPA • The statute is fairly permissive • Yes - for the purpose you collected it • Yes - for a “consistent” “secondary purpose” • Consistent if individual “might reasonably have expected such a use or disclosure” Student Privacy and Your Ontario College
  • 14. Use and Disclosure of PI under FIPPA • The statute is fairly permissive (cont.) • Yes – to an employee/agent “who needs the record in the performance of their duties and where disclosure is necessary and proper in the discharge of the institution’s functions” Student Privacy and Your Ontario College
  • 15. Use and Disclosure of PI under FIPPA • FAQ – Can a college report crime to the police? • Yes • There’s a public interest in the reporting of crime • There’s a very broad exception in FIPPA • Note – the police may not be able to receive student records without first seeking a warrant • Note – the same rule doesn’t apply to concerns that arise out of a health care relationship Student Privacy and Your Ontario College
  • 16. Use and Disclosure of PI under FIPPA • FAQ – Can a college share information about a former student with another college? • Institutions sometimes ask other institutions for a summary of their dealings with a student • In most circumstances sharing this information without consent is prohibited Student Privacy and Your Ontario College
  • 17. Use and Disclosure of PI under FIPPA • FAQ – Can a college share information with a student’s parents? • Generally not (age 16 is the cut off) • Beware of the “health and safety” exceptions in sections 42(1)(h) and 11 We know that some parents can be great allies in helping to manage students at risk. It may be reasonable in some circumstances to impose a parental contact requirement as part of a behavioral contract. Student Privacy and Your Ontario College
  • 18. Safeguarding PI under FIPPA • The chair of the each college board has a duty to • ensure “reasonable measures” are taken • ensure access is on a need to know basis • ensure “reasonable steps” taken in destruction process (secure destruction per IPC guideline) • Duty may be delegated via governance structure • No maximum retention duty, but keeping PI comes with a responsibility for security Student Privacy and Your Ontario College
  • 19. Safeguarding PI under FIPPA • Best practices for safeguarding PI • Periodic risk assessment procedures • Intrusion detection and security audit structures • Records management structures • Human resources policy • Physical transfer of personal information policy • Disposal procedures • Privacy breach procedures Student Privacy and Your Ontario College
  • 20. Safeguarding PI under FIPPA • Systematic is good, but what’s your low hanging fruit? Student Privacy and Your Ontario College
  • 21. Safeguarding PI under FIPPA • Systematic is good, but what’s your low hanging fruit? • Anecdotally… • …Lost USB keys • …Lost laptops • …Recycling versus shredding • …Departing employees Student Privacy and Your Ontario College
  • 22. Enforcement and Liability • FIPPA enforcement • Rests on voluntary compliance of public sector institutions • IPC will handle most complaints through an informal resolution process • Complaints that are not resolved will be investigated and the subject of a public report, often with recommendations Student Privacy and Your Ontario College
  • 23. Enforcement and Liability • Civil liability for privacy breaches • Data breach liability is real • Breach response costs are significant and will be borne for breaches of almost any consequence • Damage claims are possible • A question of negligence • Best defence will arise from due diligence Student Privacy and Your Ontario College
  • 24. Enforcement and Liability • The new intrusion upon seclusion cause of action • Not clear how this will affect day-to-day college administration • Only covers unauthorized collections of information • Rests on a “reasonable expectation of privacy” • Also must establish the an intrusion that is “highly offensive” Student Privacy and Your Ontario College
  • 25. College Adult Upgrading Issues Student Privacy and Your Ontario College
  • 26. Question & Answer Student Privacy and Your Ontario College
  • 27. Student Privacy and Your Ontario College Dan Michaluk CSC Annual Conference May 29, 2012