Privacy Management Program
The Protection of Privacy Act (POPA) requires public bodies to establish and implement a privacy management program (PMP).
A PMP is an evolving set of policies, procedures and tools developed by a public body to ensure privacy is protected and ensures that a public body’s internal policies and procedures that align with POPA.
Key purposes of a PMP include the following:
- Promote accountability by establishing clear roles, responsibilities, and processes for managing privacy risks.
- Foster trust with Albertans, employees, and partners by demonstrating a commitment to privacy.
- Specify safeguards to protect personal information, data derived from personal information and non-personal.
- Enable risk management tools to identify, assess, and mitigate privacy risks proactively.
- Support Business Objectives by integrating privacy into business operations, enabling innovation while respecting individuals' rights.
Components:
- Designation of a Privacy Officer
- Ariel Bryant, Privacy and Policy Analyst
- Internal Policies and Procedures
- Privacy and Access Policy
- Collection, Use and Disclosure Procedures
- Correction of Personal Information
- Privacy Incident Response
- Privacy Complaints Procedure
- Privacy Impact Assessments
- Access to Information Requests
- Electronic and Oral Consent
- Data-Matching and Non-Personal Data
- Data Management and Governance Policy
- Artificial Intelligence Policy – in development
- IT Security Policy
- Confidentiality Policy
- Privacy and Access Policy
- Data Security Classification System
- Mandatory Training for Employees
- All employees are auto-enrolled in the polytechnic’s privacy and access course. This course covers the polytechnic’s responsibilities under the Protection of Privacy Act and Access to Information Act, as well as the details of our Privacy Management Program.
- Timelines for periodic review
- The PMP will be reviewed annually by the Privacy Officer